# jan/02/1970 02:44:17 by RouterOS 6.46.3# software id = NHXT-8UUY## model

1. # jan/02/1970 02:44:17 by RouterOS 6.46.3
2. # software id = NHXT-8UUY
3. #
4. # model = RouterBOARD 952Ui-5ac2nD
5. # serial number = 7C3008EB9CDD
6. /interface bridge
7. add name=bridge_LAN
8. add name=bridge_loopback
9. /interface ethernet
10. set [ find default-name=ether1 ] comment="to ISP1"
11. set [ find default-name=ether2 ] comment="to ISP2"
12. set [ find default-name=ether3 ] comment="to LAN1"
13. set [ find default-name=ether4 ] comment="to LAN1"
14. set [ find default-name=ether5 ] comment="to LAN2"
15. /interface list
16. add comment="For Internet" name=WAN
17. add comment="For Local Area" name=LAN
18. /interface wireless security-profiles
19. set [ find default=yes ] supplicant-identity=MikroTik
20. add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
21.     management-protection=allowed mode=dynamic-keys name=HomeWIFI \
22.     supplicant-identity="" wpa-pre-shared-key=12345678 \
23.     wpa2-pre-shared-key=12345678
24. /interface wireless
25. set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac \
26.     channel-width=20/40/80mhz-XXXX comment=Wireless country=no_country_set \
27.     disabled=no distance=indoors frequency=auto frequency-mode=manual-txpower \
28.     installation=indoor mode=ap-bridge name=wifi security-profile=HomeWIFI \
29.     ssid=MikroTik wireless-protocol=802.11
30. set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
31.     20/40mhz-XX country=no_country_set disabled=no distance=indoors \
32.     frequency=auto frequency-mode=manual-txpower installation=indoor mode=\
33.     ap-bridge name=wifi2g security-profile=HomeWIFI ssid=MikroTik_2G \
34.     wireless-protocol=802.11
35. /interface wireless nstreme
36. set wifi comment=Wireless
37. /interface wireless manual-tx-power-table
38. set wifi comment=Wireless
39. /ip hotspot profile
40. set [ find default=yes ] html-directory=flash/hotspot
41. /ip pool
42. add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.150
43. /ip dhcp-server
44. add address-pool=dhcp_pool0 disabled=no interface=bridge_LAN lease-time=1d \
45.     name=dhcp1
46. /ppp profile
47. add comment="for PPPoE to ISP2" interface-list=WAN name=isp2_client
48. add comment="for PPPoE to ISP1" interface-list=WAN name=isp1_client
49. /interface pppoe-client
50. add allow=mschap2 comment="to ISP1" disabled=no interface=ether1 name=\
51.     pppoe-isp1 password=isp1_pass profile=isp1_client user=isp1_user
52. add allow=mschap2 comment="to ISP2" disabled=no interface=ether2 name=\
53.     pppoe-isp2 password=isp2_pass profile=isp2_client user=isp2_user
54. /interface bridge port
55. add bridge=bridge_LAN interface=wifi2g
56. add bridge=bridge_LAN interface=wifi
57. add bridge=bridge_LAN interface=ether3
58. add bridge=bridge_LAN interface=ether4
59. /interface list member
60. add comment=ISP1 interface=ether1 list=WAN
61. add comment=ISP2 interface=ether2 list=WAN
62. add comment=LAN1 interface=ether3 list=LAN
63. add comment=LAN1 interface=ether4 list=LAN
64. add interface=wifi2g list=LAN
65. add interface=wifi list=LAN
66. add comment=LAN2 interface=ether5 list=LAN
67. add interface=pppoe-isp2 list=WAN
68. /ip address
69. add address=192.168.1.1/24 comment="WIFI IP" interface=bridge_LAN network=\
70.     192.168.1.0
71. /ip dhcp-server network
72. add address=192.168.1.0/24 gateway=192.168.1.1
73. /ip dns
74. set servers=1.1.1.1,8.8.8.8,8.8.4.4
75. /ip firewall mangle
76. add action=mark-routing chain=prerouting dst-port=443 in-interface=bridge_LAN \
77.     new-routing-mark=table_1 passthrough=no per-connection-classifier=\
78.     src-address:2/0 protocol=tcp
79. add action=mark-routing chain=prerouting dst-port=443 in-interface=bridge_LAN \
80.     new-routing-mark=table_2 passthrough=no per-connection-classifier=\
81.     src-address:2/1 protocol=tcp
82. add action=mark-routing chain=prerouting in-interface=bridge_LAN \
83.     new-routing-mark=table_1 passthrough=no per-connection-classifier=\
84.     both-addresses:2/0
85. add action=mark-routing chain=prerouting in-interface=bridge_LAN \
86.     new-routing-mark=table_2 passthrough=no per-connection-classifier=\
87.     both-addresses:2/1
88. add action=mark-routing chain=output new-routing-mark=table_1 passthrough=no
89. add action=mark-routing chain=output new-routing-mark=table_2 passthrough=no
90. add action=mark-routing chain=output dst-address=8.8.4.4 new-routing-mark=\
91.     icmp_table_1 passthrough=no
92. add action=mark-routing chain=output dst-address=8.8.8.8 new-routing-mark=\
93.     icmp_table_2 passthrough=no
94. /ip route
95. add distance=1 dst-address=192.168.1.0/24 gateway=bridge_LAN routing-mark=\
96.     table_1
97. add distance=1 dst-address=192.168.1.0/24 gateway=bridge_LAN routing-mark=\
98.     table_2
99. add distance=1 gateway=bridge_loopback
100. /ip route rule
101. add disabled=yes routing-mark=table_1 table=table_1
102. add routing-mark=table_1 table=table_2
103. add disabled=yes routing-mark=table_2 table=table_2
104. add routing-mark=table_2 table=table_1
105. add action=lookup-only-in-table routing-mark=icmp_table_1 table=table_1
106. add action=lookup-only-in-table routing-mark=icmp_table_2 table=table_2
107. /ip route vrf
108. add interfaces=pppoe-isp1 routing-mark=table_1
109. add interfaces=pppoe-isp2 routing-mark=table_2
110. /system ntp client
111. set enabled=yes server-dns-names=0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org
112. /tool netwatch
113. add down-script="ip route rule set disabled=yes numbers=2" host=8.8.8.8 \
114.     interval=20s up-script="ip route rule set disabled=no numbers=2"
115. add down-script="ip route rule set disabled=yes numbers=0" host=8.8.4.4 \
116.     interval=20s up-script="ip route rule set disabled=no numbers=0"