
Mikrot

a guest
Jun 17th, 2024
  1. # jun/17/2024 15:12:37 by RouterOS 6.49.15
  2. # software id = ********
  3. #
  4. # model = RouterBOARD 3011UiAS
  5. # serial number = 783D0731FC21
  6. /caps-man channel
  7. add band=2ghz-b/g/n control-channel-width=20mhz frequency=\
  8. 2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462,2467,2472 name=\
  9. channelUniversal tx-power=20
  10. /interface bridge
  11. add comment=" Guest DOMRU Network" name=bridge_DOM.RU
  12. add admin-mac=DE:A5:97:57:0F:B4 auto-mac=no comment="Local Network" name=\
  13. bridge_Local vlan-filtering=yes
  14. /interface ethernet
  15. set [ find default-name=ether1 ] comment=Local loop-protect=on \
  16. loop-protect-send-interval=1s
  17. set [ find default-name=ether2 ] comment=Reserve loop-protect-send-interval=\
  18. 1s speed=100Mbps
  19. set [ find default-name=ether3 ] comment="UPLINK_Servers to Dialine" speed=\
  20. 100Mbps
  21. set [ find default-name=ether4 ] comment=\
  22. "SIP \F2\E5\EB\E5\F4\EE\ED \D0\E5\F1\E5\EF\F8\E5\ED MP 202 \F8\EB\FE\E7" \
  23. speed=100Mbps
  24. set [ find default-name=ether5 ] comment="Dom_RU_Corporate Network" speed=\
  25. 100Mbps
  26. set [ find default-name=ether6 ] comment="ISP 2 Rostelekom" speed=100Mbps
  27. set [ find default-name=ether7 ] comment="Guest network DOM.RU" loop-protect=\
  28. on speed=100Mbps
  29. set [ find default-name=ether8 ] comment=Reserve loop-protect=on speed=\
  30. 100Mbps
  31. set [ find default-name=ether9 ] comment="Up-Link MikroTik_Reseption" speed=\
  32. 100Mbps
  33. set [ find default-name=ether10 ] comment="Up-Link 1C-Server" speed=100Mbps
  34. set [ find default-name=sfp1 ] advertise=\
  35. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes \
  36. loop-protect=on
  37. /interface pppoe-client
  38. add comment="ISP 1 DOM.RU" disabled=no interface=ether5 name=pppoe-out1 \
  39. password=**** use-peer-dns=yes user=****
  40. /interface vlan
  41. add comment="Network device management MGMT" interface=bridge_Local \
  42. loop-protect=on loop-protect-disable-time=4s loop-protect-send-interval=\
  43. 1s name=ManagementVlan2 vlan-id=2
  44. add comment="Network of Servers" interface=bridge_Local loop-protect=on \
  45. loop-protect-disable-time=4s loop-protect-send-interval=1s name=\
  46. "Network of ServersVlan3" vlan-id=3
  47. add comment=Personal interface=bridge_Local loop-protect=on \
  48. loop-protect-disable-time=4s loop-protect-send-interval=1s name=\
  49. Teh.PersonalVlan9 vlan-id=9
  50. add comment=UnlimitedSpeed interface=bridge_Local loop-protect=on \
  51. loop-protect-disable-time=4s loop-protect-send-interval=1s name=\
  52. UnlimitedSpeedVlan7 vlan-id=7
  53. add comment=VoIP disabled=yes interface=bridge_Local \
  54. loop-protect-disable-time=4s loop-protect-send-interval=1s name=\
  55. VoiceVlan8 vlan-id=8
  56. add comment=Vlan3603_Guest_DOMRU interface=bridge_Local loop-protect=on \
  57. loop-protect-disable-time=4s name=vlan_Dom.Ru vlan-id=3603
  # CAPsMAN datapaths: where each wireless profile's client traffic is bridged.
  # Three guest datapaths attach to bridge_DOM.RU with vlan-id=3603; the
  # technical and VIP datapaths attach to bridge_Local with tagged VLANs 9 and 7.
  58. /caps-man datapath
  59. add bridge=bridge_DOM.RU comment="Config Stage4" name=datapath2Stage4 \
  60. vlan-id=3603
  61. add bridge=bridge_DOM.RU comment="Config Stage3" name=datapath3Stage3 \
  62. vlan-id=3603
  63. add bridge=bridge_DOM.RU comment="Config Stage2" name=datapath4Stage2 \
  64. vlan-id=3603
  # NOTE(review): the three guest datapaths above set vlan-id=3603 but no
  # vlan-mode, while the two below set vlan-mode=use-tag explicitly. Presumably
  # the vlan-id is not applied without a vlan-mode - confirm that guest clients
  # really end up separated from bridge_Local as intended.
  65. add bridge=bridge_Local name=datapath1Stage1-4_TehnicalWifi vlan-id=9 \
  66. vlan-mode=use-tag
  67. add bridge=bridge_Local comment=VIP name=datapath5 vlan-id=7 vlan-mode=\
  68. use-tag
  # CAPsMAN configuration profiles for the guest SSIDs (SSID values are masked
  # in this export). Every profile here uses channelUniversal, mode=ap and one of
  # the guest datapaths (datapath2Stage4 / datapath3Stage3 / datapath4Stage2).
  # NOTE(review): none of these profiles sets security=..., and the security1 /
  # securityVIP profiles defined later in this export are not referenced by any
  # configuration visible here. Unless a security profile is attached elsewhere,
  # these SSIDs are presumably open (unencrypted) networks - confirm this is
  # intended and that guest traffic is isolated from the internal VLANs.
  69. /caps-man configuration
  70. add channel=channelUniversal country=russia2 datapath=datapath4Stage2 mode=ap \
  71. name=cfg1_Stage2 rx-chains=0,1,2,3 ssid=***** tx-chains=0,1,2,3
  72. add channel=channelUniversal country=russia2 datapath=datapath2Stage4 mode=ap \
  73. name=cfg6_Stage2 rx-chains=0,1,2,3 ssid=***** tx-chains=0,1,2,3
  74. add channel=channelUniversal country=russia2 datapath=datapath4Stage2 mode=ap \
  75. name=cfg11_Stage2 rx-chains=0,1,2,3 ssid=***** tx-chains=0,1,2,3
  76. add channel=channelUniversal country=russia2 datapath=datapath3Stage3 mode=ap \
  77. name=cfg1Stage3 rx-chains=0,1,2,3 ssid=***** tx-chains=0,1,2,3
  78. add channel=channelUniversal country=russia2 datapath=datapath3Stage3 mode=ap \
  79. name=cfg6Stage3 rx-chains=0,1,2,3 ssid=***** tx-chains=0,1,2,3
  80. add channel=channelUniversal country=russia2 datapath=datapath3Stage3 mode=ap \
  81. name=cfg11Stage3 rx-chains=0,1,2,3 ssid=***** tx-chains=0,1,2,3
  82. add channel=channelUniversal country=russia2 datapath=datapath3Stage3 mode=ap \
  83. name=cfg2Stage3 rx-chains=0,1,2,3 ssid=***** tx-chains=0,1,2,3
  84. add channel=channelUniversal country=russia2 datapath=datapath2Stage4 mode=ap \
  85. name=cfg12Stage4 rx-chains=0,1,2,3 ssid=***** tx-chains=0,1,2,3
  86. add channel=channelUniversal country=russia2 datapath=datapath2Stage4 mode=ap \
  87. name=cfg1Stage4 rx-chains=0,1,2,3 ssid=***** tx-chains=0,1,2,3
  88. add channel=channelUniversal country=russia2 datapath=datapath2Stage4 mode=ap \
  89. name=cfg6_Stage4 rx-chains=0,1,2,3 ssid=***** tx-chains=0,1,2,3
  90. add channel=channelUniversal country=russia2 datapath=datapath4Stage2 mode=ap \
  91. name=cfg1Stage0 rx-chains=0,1,2,3 ssid=***** tx-chains=0,1,2,3
  92. add channel=channelUniversal country=russia2 datapath=datapath4Stage2 mode=ap \
  93. name=cfg1Stage2DublinBar rx-chains=0,1,2,3 ssid=***** tx-chains=\
  94. 0,1,2,3
  95. add channel=channelUniversal country=russia2 datapath=datapath4Stage2 mode=ap \
  96. name=cfg11Stage0 rx-chains=0,1,2,3 ssid=***** tx-chains=0,1,2,3
  97. add channel=channelUniversal country=russia2 datapath=datapath4Stage2 mode=ap \
  98. name=cfg6Stage1 rx-chains=0,1,2,3 ssid=***** tx-chains=0,1,2,3
  99. add channel=channelUniversal country=russia2 datapath=datapath4Stage2 mode=ap \
  100. name=cfg3BarLondon rx-chains=0,1,2,3 ssid=***** tx-chains=0,1,2,3
  # NOTE(review): this last profile is the only one with country=russia3 (all
  # others use russia2) and its name ends in a space ("cfg4_fijifitnes ").
  # Confirm both are intentional; a trailing space is easy to miss when the
  # profile is referenced by name.
  101. add channel=channelUniversal country=russia3 datapath=datapath4Stage2 mode=ap \
  102. name="cfg4_fijifitnes " rx-chains=0,1,2,3 ssid=***** tx-chains=\
  103. 0,1,2,3
  104. /caps-man interface
  105. add channel=channelUniversal configuration=cfg1Stage4 disabled=no l2mtu=1600 \
  106. mac-address=CC:2D:E0:01:15:25 master-interface=none name=\
  107. MikroTik_Administraciya radio-mac=CC:2D:E0:01:15:25 radio-name=\
  108. CC2DE0011525
  109. add channel=channelUniversal channel.frequency=\
  110. 2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462,2467,2472 comment=\
  111. Dublin configuration=cfg1Stage2DublinBar disabled=no l2mtu=1600 \
  112. mac-address=2C:C8:1B:14:56:CB master-interface=none name=MikroTik_Dublin \
  113. radio-mac=2C:C8:1B:14:56:CB radio-name=2CC81B1456CB
  114. add channel=channelUniversal channel.frequency=\
  115. 2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462,2467,2472 comment=\
  116. MikroTik_Fitness configuration=cfg1Stage0 disabled=yes l2mtu=1600 \
  117. mac-address=2C:C8:1B:B4:F0:AD master-interface=none name=MikroTik_Fitness \
  118. radio-mac=2C:C8:1B:B4:F0:AD radio-name=2CC81BB4F0AD
  119. add channel.frequency=\
  120. 2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462,2467,2472 \
  121. configuration="cfg4_fijifitnes " disabled=yes l2mtu=1600 mac-address=\
  122. 08:55:31:11:9A:0F master-interface=none name=MikroTik_FitnessFIJI \
  123. radio-mac=08:55:31:11:9A:0F radio-name=085531119A0F
  124. add channel.frequency=\
  125. 2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462,2467,2472 \
  126. disabled=yes l2mtu=1600 mac-address=08:55:31:11:9A:0F master-interface=\
  127. MikroTik_FitnessFIJI name=MikroTik_FitnessFIJI_VIP radio-mac=\
  128. 08:55:31:11:9A:0F radio-name=085531119A0F
  129. add channel=channelUniversal channel.frequency=\
  130. 2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462,2467,2472 \
  131. disabled=yes l2mtu=1600 mac-address=2C:C8:1B:B4:F0:AD master-interface=\
  132. MikroTik_Fitness name=MikroTik_Fitness_VIP radio-mac=2C:C8:1B:B4:F0:AD \
  133. radio-name=2CC81BB4F0AD
  134. add comment=Hostel configuration=cfg1Stage2DublinBar disabled=no l2mtu=1600 \
  135. mac-address=B8:69:F4:2E:6E:F1 master-interface=none name=MikroTik_Hostel \
  136. radio-mac=B8:69:F4:2E:6E:F1
  137. add configuration=cfg1_Stage2 disabled=no l2mtu=1600 mac-address=\
  138. CC:2D:E0:19:D2:93 master-interface=none name=MikroTik_Hostel_2 radio-mac=\
  139. CC:2D:E0:19:D2:93 radio-name=CC2DE019D293
  140. add comment="Stage 0_Prachka" configuration=cfg11Stage0 disabled=no l2mtu=\
  141. 1600 mac-address=64:D1:54:F3:E6:FE master-interface=none name=\
  142. MikroTik_Stage0_Prachka radio-mac=64:D1:54:F3:E6:FE
  143. add channel.frequency=2412 comment="Stage 1" configuration=cfg1_Stage2 \
  144. disabled=no l2mtu=1600 mac-address=CC:2D:E0:EF:A1:F1 master-interface=\
  145. none name="MikroTik_Stage1\B9107" radio-mac=CC:2D:E0:EF:A1:F1 radio-name=\
  146. CC2DE0EFA1F1
  147. add channel.frequency=\
  148. 2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462,2467,2472 comment=\
  149. "Stage 2" configuration=cfg6_Stage2 disabled=no l2mtu=1600 mac-address=\
  150. 74:4D:28:98:C7:EF master-interface=none name="MikroTik_Stage2\B9201" \
  151. radio-mac=74:4D:28:98:C7:EF radio-name=744D2898C7EF
  152. add channel.frequency=\
  153. 2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462,2467,2472 \
  154. configuration=cfg11_Stage2 disabled=no l2mtu=1600 mac-address=\
  155. 64:D1:54:26:FA:47 master-interface=none name="MikroTik_Stage2\B9205" \
  156. radio-mac=64:D1:54:26:FA:47 radio-name=""
  157. add configuration=cfg6_Stage2 disabled=no l2mtu=1600 mac-address=\
  158. 64:D1:54:14:4B:83 master-interface=none name="MikroTik_Stage2\B9209" \
  159. radio-mac=64:D1:54:14:4B:83
  160. add configuration=cfg11_Stage2 disabled=no l2mtu=1600 mac-address=\
  161. 64:D1:54:25:29:DD master-interface=none name="MikroTik_Stage2\B9215" \
  162. radio-mac=64:D1:54:25:29:DD
  163. add comment="Stage 3" configuration=cfg1Stage3 disabled=no l2mtu=1600 \
  164. mac-address=CC:2D:E0:BE:0A:0F master-interface=none name=\
  165. "MikroTik_Stage3\B9301" radio-mac=CC:2D:E0:BE:0A:0F radio-name=\
  166. CC2DE0BE0A0F
  167. add configuration=cfg6Stage3 disabled=no l2mtu=1600 mac-address=\
  168. 64:D1:54:25:29:8F master-interface=none name="MikroTik_Stage3\B9305" \
  169. radio-mac=64:D1:54:25:29:8F
  170. add configuration=cfg11Stage3 disabled=no l2mtu=1600 mac-address=\
  171. 64:D1:54:44:C0:CF master-interface=none name="MikroTik_Stage3\B9309" \
  172. radio-mac=64:D1:54:44:C0:CF
  173. add configuration=cfg1Stage3 disabled=no l2mtu=1600 mac-address=\
  174. CC:2D:E0:A7:3E:83 master-interface=none name="MikroTik_Stage3\B9312" \
  175. radio-mac=CC:2D:E0:A7:3E:83 radio-name=CC2DE0A73E83
  176. add configuration=cfg1Stage3 disabled=no l2mtu=1600 mac-address=\
  177. 64:D1:54:44:C0:AB master-interface=none name="MikroTik_Stage3\B9315" \
  178. radio-mac=64:D1:54:44:C0:AB
  179. add comment="Stage 4" configuration=cfg6_Stage4 disabled=no l2mtu=1600 \
  180. mac-address=CC:2D:E0:BE:73:6F master-interface=none name=\
  181. "MikroTik_Stage4\B9401" radio-mac=CC:2D:E0:BE:73:6F radio-name=\
  182. CC2DE0BE736F
  183. add configuration=cfg1Stage4 disabled=no l2mtu=1600 mac-address=\
  184. 64:D1:54:46:D1:0B master-interface=none name="MikroTik_Stage4\B9405" \
  185. radio-mac=64:D1:54:46:D1:0B
  186. add configuration=cfg12Stage4 disabled=no l2mtu=1600 mac-address=\
  187. 64:D1:54:49:BF:83 master-interface=none name="MikroTik_Stage4\B9409" \
  188. radio-mac=64:D1:54:49:BF:83
  189. add configuration=cfg6_Stage4 disabled=no l2mtu=1600 mac-address=\
  190. 64:D1:54:EC:19:FF master-interface=none name="MikroTik_Stage4\B9415" \
  191. radio-mac=64:D1:54:EC:19:FF
  192. add channel.frequency=2422 comment=BarLondon configuration=cfg3BarLondon \
  193. disabled=no l2mtu=1600 mac-address=CC:2D:E0:12:2C:33 master-interface=\
  194. none name=Mikrotik_BarLondon radio-mac=CC:2D:E0:12:2C:33 radio-name=\
  195. CC2DE0122C33
  196. add configuration=cfg1_Stage2 disabled=no l2mtu=1600 mac-address=\
  197. CC:2D:E0:A7:3E:F2 master-interface=none name=cap2 radio-mac=\
  198. CC:2D:E0:A7:3E:F2 radio-name=CC2DE0A73EF2
  # CAPsMAN security profiles: three pre-shared-key profiles, all AES-CCM.
  # NOTE(review): the passphrases below are in clear text, while other secrets in
  # this export (PPPoE password, IPsec secret, SSIDs) are masked. Once an export
  # like this has been shared, treat every key in it as disclosed: rotate all
  # three passphrases and mask them before posting the configuration again.
  # NOTE(review): all three keys are short and either digits-only or a word plus
  # a year. WPA-PSK keys of that shape are exposed to offline guessing of a
  # captured handshake; use long random passphrases instead.
  199. /caps-man security
  200. add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
  201. name=security1 passphrase=ring2016
  202. add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
  203. name=securityVIP passphrase=315920258456
  # NOTE(review): unlike the two profiles above, this one also accepts legacy
  # wpa-psk (WPA1). It is the profile used by the TehnicalWifi configurations,
  # which bridge into VLAN 9 on bridge_Local; restrict it to wpa2-psk unless a
  # legacy client genuinely requires WPA1.
  204. add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm \
  205. group-encryption=aes-ccm name=securityTehnicalWifi passphrase=258456123
  # CAPsMAN configuration profiles for the staff SSID "TehnicalWifi". All five
  # share the same SSID and the securityTehnicalWifi profile; they are exported
  # after /caps-man security because they reference it.
  206. /caps-man configuration
  207. add channel=channelUniversal country=russia2 datapath=\
  208. datapath1Stage1-4_TehnicalWifi mode=ap name=cfg11Stage3_TehnicalWifi \
  209. rx-chains=0,1,2,3 security=securityTehnicalWifi ssid=TehnicalWifi \
  210. tx-chains=0,1,2,3
  211. add channel=channelUniversal country=russia2 datapath=\
  212. datapath1Stage1-4_TehnicalWifi mode=ap name=cfg6_Stage2_TehnicalWifi \
  213. rx-chains=0,1,2,3 security=securityTehnicalWifi ssid=TehnicalWifi \
  214. tx-chains=0,1,2,3
  215. add channel=channelUniversal country=russia2 datapath=\
  216. datapath1Stage1-4_TehnicalWifi mode=ap name=cfg7Stage4_409_TehnicalWifi \
  217. rx-chains=0,1,2,3 security=securityTehnicalWifi ssid=TehnicalWifi \
  218. tx-chains=0,1,2,3
  219. add channel=channelUniversal country=russia2 datapath=\
  220. datapath1Stage1-4_TehnicalWifi mode=ap name=cfg8_Stage2_209_TehnicalWifi \
  221. rx-chains=0,1,2,3 security=securityTehnicalWifi ssid=TehnicalWifi \
  222. tx-chains=0,1,2,3
  # NOTE(review): this profile advertises the same staff SSID and key but uses
  # datapath2Stage4 (bridge_DOM.RU, vlan-id=3603, the guest datapath) instead of
  # datapath1Stage1-4_TehnicalWifi (bridge_Local, VLAN 9) like the four above.
  # Staff clients on an AP using it would land on the guest segment - confirm
  # whether this is a copy/paste slip.
  223. add channel=channelUniversal country=russia2 datapath=datapath2Stage4 mode=ap \
  224. name=cfg12_TehnicalWifi rx-chains=0,1,2,3 security=securityTehnicalWifi \
  225. ssid=TehnicalWifi tx-chains=0,1,2,3
  226. /caps-man interface
  227. add channel=channelUniversal channel.frequency=\
  228. 2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462,2467,2472 \
  229. configuration=cfg6_Stage2_TehnicalWifi disabled=no l2mtu=1600 \
  230. mac-address=CC:2D:E0:01:15:25 master-interface=MikroTik_Administraciya \
  231. name="MikroTik_Adm_Technical Wifi" radio-mac=CC:2D:E0:01:15:25 \
  232. radio-name=CC2DE0011525
  233. add channel.frequency=2422 configuration=cfg6_Stage2_TehnicalWifi disabled=no \
  234. l2mtu=1600 mac-address=CC:2D:E0:12:2C:33 master-interface=\
  235. Mikrotik_BarLondon name=MikroTik_BarLondon_TechnicalWiFI radio-mac=\
  236. CC:2D:E0:12:2C:33 radio-name=CC2DE0122C33
  237. add channel=channelUniversal channel.frequency=\
  238. 2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462,2467,2472 \
  239. configuration=cfg6_Stage2_TehnicalWifi disabled=no l2mtu=1600 \
  240. mac-address=2C:C8:1B:14:56:CB master-interface=MikroTik_Dublin name=\
  241. MikroTik_Dublin_TechnicalWi-FI radio-mac=2C:C8:1B:14:56:CB radio-name=\
  242. 2CC81B1456CB
  243. add channel.frequency=\
  244. 2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462,2467,2472 \
  245. configuration=cfg6_Stage2_TehnicalWifi disabled=yes l2mtu=1600 \
  246. mac-address=08:55:31:11:9A:0F master-interface=MikroTik_FitnessFIJI name=\
  247. MikroTik_FitnessFIJI_Technical radio-mac=08:55:31:11:9A:0F radio-name=\
  248. 085531119A0F
  249. add channel=channelUniversal channel.frequency=\
  250. 2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462,2467,2472 \
  251. configuration=cfg6_Stage2_TehnicalWifi disabled=yes l2mtu=1600 \
  252. mac-address=2C:C8:1B:B4:F0:AD master-interface=MikroTik_Fitness name=\
  253. MikroTik_Fitness_Technical radio-mac=2C:C8:1B:B4:F0:AD radio-name=\
  254. 2CC81BB4F0AD
  255. add configuration=cfg6_Stage2_TehnicalWifi disabled=no l2mtu=1600 \
  256. mac-address=66:D1:54:F3:E6:FE master-interface=MikroTik_Stage0_Prachka \
  257. name=MikroTik_Stage0_Prachka_TehnicalWifi radio-mac=00:00:00:00:00:00 \
  258. radio-name=""
  259. add configuration=cfg8_Stage2_209_TehnicalWifi disabled=no l2mtu=1600 \
  260. mac-address=64:D1:54:14:4B:83 master-interface="MikroTik_Stage2\B9209" \
  261. name=MikroTik_Stage2_TehnicalWifi radio-mac=64:D1:54:14:4B:83 radio-name=\
  262. ""
  263. add configuration=cfg11Stage3_TehnicalWifi disabled=no l2mtu=1600 \
  264. mac-address=64:D1:54:44:C0:AB master-interface="MikroTik_Stage3\B9315" \
  265. name=MikroTik_Stage3N315_TechnicalWIFI radio-mac=64:D1:54:44:C0:AB \
  266. radio-name=""
  267. add configuration=cfg11Stage3_TehnicalWifi disabled=no l2mtu=1600 \
  268. mac-address=64:D1:54:44:C0:CF master-interface="MikroTik_Stage3\B9309" \
  269. name=MikroTik_Stage3_309_TehnicalWifi radio-mac=64:D1:54:44:C0:CF \
  270. radio-name=""
  271. add configuration=cfg7Stage4_409_TehnicalWifi disabled=no l2mtu=1600 \
  272. mac-address=64:D1:54:49:BF:83 master-interface="MikroTik_Stage4\B9409" \
  273. name=MikroTik_Stage4_409_TehnicalWifi radio-mac=64:D1:54:49:BF:83 \
  274. radio-name=""
  275. add channel=channelUniversal channel.frequency=\
  276. 2412,2417,2422,2427,2432,2437,2442,2447,2452,2457,2462,2467,2472 comment=\
  277. Reseption_Holl configuration=cfg6_Stage2_TehnicalWifi disabled=no l2mtu=\
  278. 1600 mac-address=74:4D:28:1E:DA:67 master-interface=none name=\
  279. Reseption_Holl_Technical radio-mac=74:4D:28:1E:DA:67 radio-name=\
  280. 744D281EDA67
  281. /interface list
  282. add exclude=dynamic name=discover
  283. add name=Wan
  284. /interface wireless security-profiles
  285. set [ find default=yes ] supplicant-identity=MikroTik
  286. /ip hotspot user profile
  287. set [ find default=yes ] keepalive-timeout=2h shared-users=unlimited \
  288. status-autorefresh=1d
  # IPsec phase-1 profiles, one site-to-site peer, and the default phase-2
  # proposal.
  # NOTE(review): profile_1 combines modp1024, 3DES and MD5, all of which are
  # deprecated for IKE. It is referenced only by the disabled peer below; remove
  # it or raise it to a modern suite (AES with SHA-256 and a DH group of at least
  # 2048 bits) before that peer is ever re-enabled.
  289. /ip ipsec profile
  290. add dh-group=modp1024 enc-algorithm=3des hash-algorithm=md5 name=profile_1
  # profile_2 overrides only the DH group; its other parameters are not shown in
  # the export and are therefore presumably RouterOS defaults - verify them.
  291. add dh-group=modp1536 name=profile_2
  292. /ip ipsec peer
  # Disabled, passive (responder-only) peer bound to the weak profile_1.
  293. add address=*****/32 comment="Tayshetskiy 10" disabled=yes name=\
  294. Tayshetskiy10 passive=yes profile=profile_1
  295. /ip ipsec proposal
  # NOTE(review): the default proposal still offers MD5 and SHA-1 for integrity
  # and 3DES for encryption. This is presumably the proposal that dynamic
  # L2TP/IPsec clients negotiate against (the L2TP server has use-ipsec=yes) -
  # confirm, then drop md5 and 3des so a client cannot negotiate down to them.
  296. set [ find default=yes ] auth-algorithms=sha1,md5 enc-algorithms=\
  297. aes-128-cbc,3des
  298. /ip pool
  299. add comment=Management name=PoolVlan2 ranges=172.16.1.40-172.16.1.254
  300. add comment=Servers name=PoolVlan3 ranges=172.16.3.30-172.16.3.254
  301. add comment="Personal network" name=PoolVlan9 ranges=172.16.9.10-172.16.9.254
  302. add comment="VIP network" name=PoolVlan7 ranges=172.16.7.30-172.16.7.254
  303. add comment=Other name=PoolVlan8 ranges=172.16.8.30-172.16.8.254
  304. add comment="VPN network" name=Pool_VPN5 ranges=172.16.5.30-172.16.5.254
  305. /ip dhcp-server
  306. add address-pool=PoolVlan2 disabled=no interface=ManagementVlan2 lease-time=\
  307. 1d name=ServerdhcpVlan2
  308. add address-pool=PoolVlan3 disabled=no interface="Network of ServersVlan3" \
  309. lease-time=1d name=ServerdhcpVlan3
  310. add address-pool=PoolVlan9 disabled=no interface=Teh.PersonalVlan9 \
  311. lease-time=1d name=ServerdhcpVlan9
  312. add address-pool=PoolVlan7 disabled=no interface=UnlimitedSpeedVlan7 \
  313. lease-time=1d name=ServerdhcpVlan7
  314. add address-pool=PoolVlan8 interface=VoiceVlan8 lease-time=1d10m name=\
  315. ServerdhcpVlan8
  # PPP profile for VPN users: the router end is 172.16.5.1, clients draw their
  # address from Pool_VPN5 and receive the router plus 8.8.8.8 as DNS servers.
  # NOTE(review): only-one=no lets the same account hold several sessions at
  # once, which hides credential sharing or reuse of a stolen login.
  # NOTE(review): use-encryption=yes presumably requests encryption without
  # refusing sessions that fail to negotiate it; check whether the stricter
  # "required" value is appropriate here - confirm against the RouterOS manual.
  316. /ppp profile
  317. add dns-server=172.16.5.1,8.8.8.8 local-address=172.16.5.1 name=MyVPN2 \
  318. only-one=no remote-address=Pool_VPN5 use-encryption=yes
  319. /queue type
  320. add kind=pcq name=sip pcq-classifier=\
  321. src-address,dst-address,src-port,dst-port pcq-dst-address6-mask=64 \
  322. pcq-rate=100k pcq-src-address6-mask=64
  323. add kind=pcq name=rdp pcq-classifier=\
  324. src-address,dst-address,src-port,dst-port pcq-dst-address6-mask=64 \
  325. pcq-rate=1M pcq-src-address6-mask=64
  326. add kind=pcq name=pcq-download-2M pcq-classifier=dst-address pcq-rate=2M
  327. add kind=pcq name=pcq-upload-2M pcq-classifier=src-address pcq-rate=2M
  # SNMP default community and the policy set of the built-in "full" user group.
  # NOTE(review): addresses=0.0.0.0/0 lets any source address use the default
  # community. Whether the SNMP service is enabled is not visible in this part of
  # the export - if it is, restrict addresses to the management subnet
  # (172.16.1.0/24) and replace the default community name.
  328. /snmp community
  329. set [ find default=yes ] addresses=0.0.0.0/0
  330. /user group
  # NOTE(review): the "full" group carries the telnet and ftp policies, both
  # clear-text protocols. The policy only permits their use; whether the telnet
  # and ftp services are actually enabled is set under /ip service, which is not
  # shown here - verify they are disabled or limited to the management VLAN.
  331. set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
  332. sword,web,sniff,sensitive,api,romon,dude,tikapp"
  333. /caps-man manager
  334. set enabled=yes
  335. /caps-man provisioning
  336. add action=create-dynamic-enabled comment=MikroTIK_209 hw-supported-modes=gn \
  337. master-configuration=cfg6_Stage2 radio-mac=64:D1:54:14:4B:7E
  338. add action=create-dynamic-enabled comment=MikroTIK_215 hw-supported-modes=gn \
  339. master-configuration=cfg11_Stage2 radio-mac=64:D1:54:25:29:D8
  340. add action=create-dynamic-enabled comment=MikroTIK_305 hw-supported-modes=gn \
  341. master-configuration=cfg11Stage3 radio-mac=64:D1:54:25:29:8A
  342. add action=create-dynamic-enabled comment=MikroTIK_315 hw-supported-modes=gn \
  343. master-configuration=cfg6Stage3 radio-mac=64:D1:54:44:C0:A6
  344. add action=create-dynamic-enabled comment=MikroTIK_309 hw-supported-modes=gn \
  345. master-configuration=cfg2Stage3 radio-mac=64:D1:54:44:C0:CA
  346. add action=create-dynamic-enabled comment=MikroTIK_409 hw-supported-modes=gn \
  347. master-configuration=cfg12Stage4 radio-mac=64:D1:54:49:BF:7E
  348. add action=create-dynamic-enabled comment=MikroTIK_405 hw-supported-modes=gn \
  349. master-configuration=cfg1Stage4 radio-mac=64:D1:54:46:D1:06
  350. add action=create-dynamic-enabled comment=MikroTIK_415 hw-supported-modes=gn \
  351. master-configuration=cfg6_Stage4 radio-mac=64:D1:54:EC:19:FA
  352. add action=create-dynamic-enabled comment=MikroTIK_205 hw-supported-modes=gn \
  353. master-configuration=cfg11_Stage2 radio-mac=64:D1:54:26:FA:42
  354. add action=create-dynamic-enabled comment=MikroTIK_Prachka \
  355. hw-supported-modes=gn master-configuration=cfg1Stage0 radio-mac=\
  356. 64:D1:54:F3:E6:F9
  357. add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
  358. cfg1Stage2DublinBar radio-mac=CC:2D:E0:12:2C:2E
  359. add action=create-dynamic-enabled comment=MikroTIK_Sauna1 hw-supported-modes=\
  360. gn master-configuration=cfg1Stage0 radio-mac=CC:2D:E0:01:15:20
  361. add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
  362. cfg11Stage0 radio-mac=CC:2D:E0:02:51:6F
  363. add action=create-dynamic-enabled comment=MikroTIK_401 hw-supported-modes=gn \
  364. master-configuration=cfg6_Stage4 radio-mac=CC:2D:E0:BE:73:6A
  365. add action=create-dynamic-enabled comment=MikroTIK_312 hw-supported-modes=gn \
  366. master-configuration=cfg1Stage3 radio-mac=CC:2D:E0:A7:3E:7E
  367. add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
  368. cfg1Stage2DublinBar radio-mac=B8:69:F4:2E:6E:F1
  369. add action=create-dynamic-enabled comment=MikroTik_301 hw-supported-modes=gn \
  370. master-configuration=cfg1Stage3 radio-mac=CC:2D:E0:BE:0A:0A
  371. add action=create-dynamic-enabled comment="Hostel Koridor" \
  372. hw-supported-modes=gn master-configuration=cfg1_Stage2 radio-mac=\
  373. CC:2D:E0:19:D2:8E
  374. add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
  375. cfg1_Stage2 radio-mac=CC:2D:E0:EF:A1:EC
  376. add action=create-dynamic-enabled comment=MikroTik_201 hw-supported-modes=gn \
  377. master-configuration=cfg6_Stage2 radio-mac=74:4D:28:98:C7:EA
  378. add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
  379. cfg6_Stage2 radio-mac=4C:5E:0C:69:10:64
  380. add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
  381. cfg3BarLondon radio-mac=CC:2D:E0:12:2C:33
  382. add action=create-dynamic-enabled comment=MikroTik_DublinBar \
  383. hw-supported-modes=gn master-configuration=cfg1Stage2DublinBar radio-mac=\
  384. 2C:C8:1B:14:56:CB
  385. add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
  386. cfg1Stage4 radio-mac=CC:2D:E0:01:15:20
  387. add action=create-dynamic-enabled comment=Resepshen_Holl disabled=yes \
  388. master-configuration=cfg1_Stage2 name-format=prefix-identity radio-mac=\
  389. 74:4D:28:1E:DA:67 slave-configurations=*11,cfg6_Stage2_TehnicalWifi
  390. add action=create-dynamic-enabled comment=Fitness disabled=yes \
  391. master-configuration=cfg1Stage0 name-format=prefix-identity radio-mac=\
  392. 2C:C8:1B:B4:F0:AC slave-configurations=*11
  393. add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
  394. cfg1_Stage2 radio-mac=08:55:31:11:9A:0A
  395. add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
  396. cfg1_Stage2 radio-mac=74:4D:28:98:C7:EA slave-configurations=\
  397. cfg6_Stage2_TehnicalWifi
  398. add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
  399. cfg1_Stage2 radio-mac=CC:2D:E0:A7:3E:ED slave-configurations=\
  400. cfg11Stage3_TehnicalWifi
  401. /interface bridge port
  402. add bridge=bridge_DOM.RU comment="Guest DOMRU Network" interface=vlan_Dom.Ru
  403. add bridge=bridge_Local comment="UPLINK to Switch Ring 52 Port" interface=\
  404. ether1 multicast-router=disabled
  405. add bridge=bridge_Local comment="UPLINK to Switch Hostel 25 Port" interface=\
  406. ether3 multicast-router=disabled
  407. add bridge=bridge_Local comment=Reserve interface=ether2 multicast-router=\
  408. disabled pvid=3
  409. add bridge=bridge_Local comment=1C-Servers interface=ether10 pvid=3
  410. add bridge=bridge_Local comment=\
  411. "SIP \F2\E5\EB\E5\F4\EE\ED \D0\E5\F1\E5\EF\F8\E5\ED MP 202 \F8\EB\FE\E7" \
  412. interface=ether4 pvid=9
  413. add bridge=bridge_Local comment=Reserve interface=ether8 pvid=3
  414. add bridge=bridge_Local comment="Up-Link Mikrotik_Reseption" interface=ether9
  # Global bridge setting: ask for bridged VLAN traffic to be passed through the
  # IP firewall.
  # NOTE(review): use-ip-firewall=yes does not appear in the export. As far as I
  # recall, use-ip-firewall-for-vlan only takes effect when use-ip-firewall is
  # also enabled - confirm, otherwise this line does nothing and bridged
  # intra-VLAN traffic bypasses the filter rules.
  415. /interface bridge settings
  416. set use-ip-firewall-for-vlan=yes
  417. /ip neighbor discovery-settings
  418. set discover-interface-list=discover
  419. /interface bridge vlan
  420. add bridge=bridge_Local comment=MGMT tagged=ether1,ether3,ether9,bridge_Local \
  421. vlan-ids=2
  422. add bridge=bridge_Local comment="Servers Network" tagged=\
  423. bridge_Local,ether1,ether3 untagged=ether8,ether2 vlan-ids=3
  424. add bridge=bridge_Local comment=Voip disabled=yes tagged=\
  425. bridge_Local,ether3,ether1 vlan-ids=8
  426. add bridge=bridge_Local comment=DOMRU tagged=\
  427. ether3,ether1,bridge_Local,ether9 vlan-ids=3603
  428. add bridge=bridge_Local comment=Vip tagged=ether1,bridge_Local,ether9 \
  429. vlan-ids=7
  430. add bridge=bridge_Local tagged=ether1,bridge_Local,ether9,ether3 untagged=\
  431. ether4 vlan-ids=9
  # Remote-access VPN servers and interface-list membership.
  # NOTE(review): the L2TP server is enabled with MS-CHAPv2 and use-ipsec=yes.
  # As far as I recall, "yes" permits IPsec but does not refuse plain L2TP
  # sessions; the stricter "require" setting does - confirm. The filter table
  # accepts UDP 1701 on the input chain from any source, so without enforcement
  # an MS-CHAPv2-only tunnel with no IPsec protection would be accepted.
  432. /interface l2tp-server server
  433. set authentication=mschap2 enabled=yes ipsec-secret=***** use-ipsec=yes
  # Interface lists: "discover" limits neighbor discovery to the management
  # VLAN, ether4 and ether2; "Wan" groups both uplinks (ether6 and pppoe-out1).
  434. /interface list member
  435. add interface=ManagementVlan2 list=discover
  436. add interface=ether6 list=Wan
  437. add interface=pppoe-out1 list=Wan
  438. add interface=ether4 list=discover
  439. add interface=ether2 list=discover
  # NOTE(review): no enabled=yes is exported for the PPTP server, so it is
  # presumably disabled, yet the firewall still handles TCP 1723. If PPTP is not
  # used, drop the port from those rules; if it is used, plan its retirement -
  # PPTP with MS-CHAPv2 is considered broken.
  440. /interface pptp-server server
  441. set default-profile=default
  # Router addresses: the .1 gateway of each internal VLAN, plus the static WAN
  # address on ether6.
  442. /ip address
  443. add address=172.16.1.1/24 comment="Network device management MGMT" interface=\
  444. ManagementVlan2 network=172.16.1.0
  445. add address=172.16.3.1/24 comment="Servers network" interface=\
  446. "Network of ServersVlan3" network=172.16.3.0
  447. add address=172.16.7.1/24 comment="Unlimited speed" interface=\
  448. UnlimitedSpeedVlan7 network=172.16.7.0
  449. add address=172.16.9.1/24 comment=Personal interface=Teh.PersonalVlan9 \
  450. network=172.16.9.0
  # NOTE(review): the address is masked but network= still discloses the public
  # /24, and the comment carries what looks like an ISP account or contract
  # number. Mask both when sharing an export. The comment says "ISP 1" while
  # ether6 itself is labelled "ISP 2 Rostelekom" - align the labels.
  451. add address=*****/24 comment="ISP 1 Rostelekom 434011354633 " \
  452. interface=ether6 network=85.172.120.0
  # NOTE(review): ddns-enabled=yes publishes the router's current public address
  # under a MikroTik cloud DNS name; turn it off if remote access by name is not
  # actually needed.
  453. /ip cloud
  454. set ddns-enabled=yes
  # DHCP alert on the management VLAN (reports DHCP servers other than this one).
  455. /ip dhcp-server alert
  456. add disabled=no interface=ManagementVlan2
  457. /ip dhcp-server lease
  458. add address=172.16.9.50 client-id=1:90:2b:34:cf:94:af mac-address=\
  459. 90:2B:34:CF:94:AF server=ServerdhcpVlan9
  460. add address=172.16.9.90 client-id=1:bc:5f:f4:6:a0:a7 mac-address=\
  461. BC:5F:F4:06:A0:A7 server=ServerdhcpVlan9
  462. add address=172.16.9.134 client-id=1:68:6d:bc:22:48:d0 comment=\
  463. "\CA\F3\F5\ED\FF" mac-address=68:6D:BC:22:48:D0 server=ServerdhcpVlan9
  464. add address=172.16.9.93 client-id=1:94:e1:ac:d2:8:9e mac-address=\
  465. 94:E1:AC:D2:08:9E server=ServerdhcpVlan9
  466. add address=172.16.3.34 client-id=1:d4:3d:7e:35:af:a8 mac-address=\
  467. D4:3D:7E:35:AF:A8 server=ServerdhcpVlan3
  468. add address=172.16.9.110 client-id=1:48:ea:63:a2:c8:3 mac-address=\
  469. 48:EA:63:A2:C8:03 server=ServerdhcpVlan9
  470. add address=172.16.9.57 client-id=1:0:95:69:d6:60:6a mac-address=\
  471. 00:95:69:D6:60:6A server=ServerdhcpVlan9
  472. add address=172.16.9.51 client-id=1:48:ea:63:a2:c7:f4 mac-address=\
  473. 48:EA:63:A2:C7:F4 server=ServerdhcpVlan9
  474. add address=172.16.9.52 client-id=1:ec:3d:fd:80:63:ff mac-address=\
  475. EC:3D:FD:80:63:FF server=ServerdhcpVlan9
  476. add address=172.16.9.161 client-id=1:44:19:b6:92:9:1b mac-address=\
  477. 44:19:B6:92:09:1B server=ServerdhcpVlan9
  478. add address=172.16.9.49 client-id=1:54:c4:15:96:d:1a mac-address=\
  479. 54:C4:15:96:0D:1A server=ServerdhcpVlan9
  480. add address=172.16.9.60 client-id=1:48:ea:63:cb:c3:34 mac-address=\
  481. 48:EA:63:CB:C3:34 server=ServerdhcpVlan9
  482. add address=172.16.9.74 client-id=1:54:c4:15:ad:f1:60 mac-address=\
  483. 54:C4:15:AD:F1:60 server=ServerdhcpVlan9
  484. add address=172.16.9.75 client-id=1:b4:a3:82:8b:fd:b1 mac-address=\
  485. B4:A3:82:8B:FD:B1 server=ServerdhcpVlan9
  486. add address=172.16.9.63 client-id=1:48:98:ca:46:e8:5c mac-address=\
  487. 48:98:CA:46:E8:5C server=ServerdhcpVlan9
  488. add address=172.16.9.30 client-id=1:bc:1c:81:87:d3:73 mac-address=\
  489. BC:1C:81:87:D3:73 server=ServerdhcpVlan9
  490. add address=172.16.9.61 client-id=1:e0:b9:4d:e4:45:cc mac-address=\
  491. E0:B9:4D:E4:45:CC server=ServerdhcpVlan9
  492. /ip dhcp-server network
  493. add address=172.16.1.0/24 comment=MGMT dns-server=172.16.1.1,8.8.8.8 gateway=\
  494. 172.16.1.1
  495. add address=172.16.3.0/24 comment="Servers Network" dns-server=\
  496. 172.16.3.1,8.8.8.8 gateway=172.16.3.1
  497. add address=172.16.5.0/24 comment="VPN User" dns-server=172.16.5.1,8.8.8.8 \
  498. gateway=172.16.5.1
  499. add address=172.16.7.0/24 comment=VIP dns-server=172.16.7.1,8.8.8.8 gateway=\
  500. 172.16.7.1
  501. add address=172.16.8.0/24 comment=VoIP dns-server=172.16.8.1,8.8.8.8 gateway=\
  502. 172.16.8.1
  503. add address=172.16.9.0/24 comment=Personal dns-server=172.16.9.1,8.8.8.8 \
  504. gateway=172.16.9.1
  # Router DNS: forwards to 8.8.8.8 and serves static .local names for internal
  # hosts.
  # NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
  # arriving on any interface, including the Wan uplinks, unless the input chain
  # blocks port 53 there. No such rule is visible in the part of the filter table
  # shown in this export - confirm one exists, otherwise the router acts as an
  # open resolver usable for amplification.
  505. /ip dns
  506. set allow-remote-requests=yes servers=8.8.8.8
  # Static records name internal servers; together with the address plan they
  # describe the internal layout, so mask them when sharing an export.
  507. /ip dns static
  508. add address=172.16.3.30 name=Voip.local
  509. add address=172.16.3.12 name=1C-Server.local
  510. add address=172.16.3.6 name=Serveron.local
  511. add address=172.16.3.16 name=TS.local
  512. add address=172.16.9.34 name=Fiji.local
  513. add address=172.16.9.48 name=London.local
  514. add address=172.16.3.32 name=Backup.local
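  # Static firewall address lists.
  #   Winbox_White - sources exempted from the Winbox/PPTP brute-force rule:
  #                  a few public addresses, the management subnet, and
  #                  individual hosts on the personal, server and VPN subnets.
  #   TraveLine    - two public ranges belonging to an external service.
  #   Sbis         - a DNS-name entry resolved by the router.
  # NOTE(review): every entry in Winbox_White is a trusted path to router
  # management. Review the single-host LAN and VPN entries regularly (DHCP and
  # VPN clients can change address) and keep the public entries to the minimum.
  515. /ip firewall address-list
  516. add address=93.94.221.181 list=Winbox_White
  517. add address=***** list=Winbox_White
  518. add address=178.35.151.148 list=Winbox_White
  519. add address=172.16.1.0/24 list=Winbox_White
  520. add address=172.16.9.87 list=Winbox_White
  521. add address=172.16.9.60 list=Winbox_White
  522. add address=172.16.5.116 list=Winbox_White
  523. add address=172.16.9.126 list=Winbox_White
  524. add address=172.16.5.20 list=Winbox_White
  525. add address=172.16.3.6 list=Winbox_White
  526. add address=172.16.5.147 list=Winbox_White
  # Fixed: the end of this range was written "77244.212.62" (missing dot), which
  # is not an IP range and so presumably never matched any traffic. The corrected
  # range follows the same pattern as the second TraveLine entry.
  527. add address=77.244.212.49-77.244.212.62 list=TraveLine
  528. add address=89.248.195.81-89.248.195.94 list=TraveLine
  529. add address=172.16.5.120 list=Winbox_White
  530. add address=77.233.14.2 list=Winbox_White
  # DNS-name entry: the addresses in the list follow whatever the name resolves
  # to, so rules using it trust the resolver's answers.
  531. add address=Sbis.ru list=Sbis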
  # Head of the IPv4 filter table (the export continues past this excerpt).
  # Rules are evaluated top to bottom within each chain, so the position of every
  # accept relative to the drops below it matters.
  532. /ip firewall filter
  # NOTE(review): this accepts ALL forwarded TCP/443 with no source, destination
  # or interface match, and it is the first rule. It therefore overrides every
  # inter-VLAN drop further down for port 443 (for example VIP -> Servers or
  # VIP -> MGMT over HTTPS). Scope it with out-interface-list=Wan or move it
  # below the isolation rules.
  533. add action=accept chain=forward dst-port=443 protocol=tcp
  # NOTE(review): this drop matches dst-address-list=winbox_blacklist, but the
  # list is filled by add-src-to-address-list two rules below, so it holds
  # client source addresses. On chain=input the destination is the router
  # itself, so this rule presumably never matches and the brute-force protection
  # is ineffective. Match the blacklist on the source side instead; because a
  # rule takes a single src-address-list matcher, put an accept for
  # src-address-list=Winbox_White ahead of a drop for
  # src-address-list=winbox_blacklist.
  534. add action=drop chain=input comment=\
  535. "Bruteforce login prevention(Winbox,PPTP)" dst-address-list=\
  536. winbox_blacklist dst-port=1723,8291 protocol=tcp src-address-list=\
  537. !Winbox_White
  # Servers subnet may reach the management subnet on any port.
  538. add action=accept chain=forward dst-address=172.16.1.0/24 src-address=\
  539. 172.16.3.0/24
  # NOTE(review): despite the "stage1" label there are no further stages: every
  # new connection to 1723/8291 lists its source immediately, with no timeout
  # and no exclusion for Winbox_White. If the drop above is corrected as-is, the
  # pair turns into "block everyone after the first packet". Add staged lists
  # with timeouts, or simply restrict these ports to Winbox_White.
  540. add action=add-src-to-address-list address-list=winbox_blacklist \
  541. address-list-timeout=none-dynamic chain=input comment=\
  542. "Bruteforce login prevention(Winbox: stage1)" connection-state=new \
  543. dst-port=1723,8291 protocol=tcp
  # NOTE(review): L2TP (UDP 1701) is accepted from any source with no IPsec
  # policy match, so unencrypted L2TP reaches the server unless the server
  # itself enforces IPsec - confirm.
  544. add action=accept chain=input comment=L2TP dst-port=1701 protocol=udp
  # NOTE(review): IKE (UDP 500) and NAT-T (UDP 4500) are accepted on
  # chain=forward, while ESP and AH are accepted on chain=input. If the router
  # itself terminates IPsec, IKE arrives on the input chain, so these two rules
  # presumably belong there - confirm. As written they permit IPsec to pass
  # through the router in any direction.
  545. add action=accept chain=forward comment=IpSec dst-port=500 protocol=udp
  546. add action=accept chain=forward dst-port=4500 protocol=udp
  547. add action=accept chain=input comment="Allow IPSec-esp" protocol=ipsec-esp
  548. add action=accept chain=input comment="Allow IPSec-ah" protocol=ipsec-ah
  # Personal subnet may reach 10.8.0.0/24 (a network not defined in the part of
  # the export shown here).
  549. add action=accept chain=forward dst-address=10.8.0.0/24 src-address=\
  550. 172.16.9.0/24
  # Inter-VLAN isolation: each pair of rules drops traffic in both directions.
  # Subnets, per /ip address and the DHCP networks: 172.16.1.0/24 MGMT,
  # 172.16.3.0/24 Servers, 172.16.7.0/24 VIP, 172.16.8.0/24 VoIP,
  # 172.16.9.0/24 Personal.
  551. add action=drop chain=forward comment="Drop Traffic VIP->Servers" \
  552. dst-address=172.16.3.0/24 src-address=172.16.7.0/24
  553. add action=drop chain=forward dst-address=172.16.7.0/24 src-address=\
  554. 172.16.3.0/24
  555. add action=drop chain=forward comment="Drop Traffic VIP->VoIP" dst-address=\
  556. 172.16.8.0/24 src-address=172.16.7.0/24
  557. add action=drop chain=forward dst-address=172.16.7.0/24 src-address=\
  558. 172.16.8.0/24
  # NOTE(review): the comment says MGMT->VoIP, but the source 172.16.9.0/24 is
  # the Personal subnet; the real MGMT->VoIP pair follows further down. Relabel
  # this one so an audit does not misread it.
  559. add action=drop chain=forward comment="Drop Traffic MGMT->VoIP" dst-address=\
  560. 172.16.8.0/24 src-address=172.16.9.0/24
  561. add action=drop chain=forward dst-address=172.16.9.0/24 src-address=\
  562. 172.16.8.0/24
  563. add action=drop chain=forward comment="Drop Traffic VIP->MGMT" dst-address=\
  564. 172.16.1.0/24 src-address=172.16.7.0/24
  565. add action=drop chain=forward dst-address=172.16.7.0/24 src-address=\
  566. 172.16.1.0/24
  567. add action=drop chain=forward comment="Drop Traffic MGMT->VoIP" dst-address=\
  568. 172.16.8.0/24 src-address=172.16.1.0/24
  569. add action=drop chain=forward dst-address=172.16.1.0/24 src-address=\
  570. 172.16.8.0/24
  571. add action=drop chain=forward comment="Drop Traffic Servers->VoIP" \
  572. dst-address=172.16.8.0/24 src-address=172.16.3.0/24
  573. add action=drop chain=forward dst-address=172.16.3.0/24 src-address=\
  574. 172.16.8.0/24
  575. add action=drop chain=forward comment="Drop Traffic VIP->Personal" \
  576. dst-address=172.16.7.0/24 src-address=172.16.9.0/24
  577. add action=drop chain=forward dst-address=172.16.9.0/24 src-address=\
  578. 172.16.7.0/24
  579. add action=accept chain=forward dst-address=192.168.1.0/24 src-address=\
  580. 172.16.5.0/24
  581. add action=accept chain=forward dst-address=192.168.0.0/24 src-address=\
  582. 172.16.5.0/24
  583. add action=accept chain=input comment=OSPF in-interface=all-ppp protocol=ospf
  584. add action=accept chain=input comment=PPP dst-port=1723 protocol=udp
  585. add action=accept chain=forward dst-port=4000 protocol=tcp
  586. add action=drop chain=output comment="GOOGLE PING DENY 8.8.4.4" dst-address=\
  587. 8.8.4.4 out-interface=ether6
  588. add action=add-src-to-address-list address-list=Winbox_stage1 \
  589. address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
  590. protocol=tcp src-address-list=!Winbox_White
  591. add action=add-src-to-address-list address-list=Winbox_blacklist \
  592. address-list-timeout=none-dynamic chain=input connection-state=new \
  593. dst-port=8291 protocol=tcp src-address-list=Winbox_stage1
  594. add action=reject chain=input comment="drop Winbox brute forcers" dst-port=\
  595. 8291 protocol=tcp reject-with=icmp-network-unreachable src-address-list=\
  596. Winbox_blacklist
  597. add action=drop chain=forward comment="Printers Reseption hp laserJet 428" \
  598. src-address=172.16.9.225
  599. add action=drop chain=forward comment="Printers hp 400 mfp" src-address=\
  600. 172.16.9.89
  601. add action=accept chain=input protocol=gre
  602. add action=drop chain=input comment="DNS ROSTELEKOM" dst-port=53 \
  603. in-interface=ether6 protocol=udp
  604. add action=drop chain=input comment="DNS DOM.RU" dst-port=53 in-interface=\
  605. pppoe-out1 protocol=udp
  606. add action=accept chain=input comment=Estabilished/Related connection-state=\
  607. established,related
  608. add action=accept chain=forward connection-state=established,related
  609. add action=drop chain=forward comment=Invalid connection-state=invalid \
  610. connection-type="" in-interface-list=Wan
  611. add action=drop chain=input connection-state=invalid in-interface-list=Wan
  612. add action=accept chain=input comment=WinBox dst-port=8291 protocol=tcp \
  613. src-address-list=Winbox_White
  614. add action=accept chain=input comment="Allow ping" protocol=icmp
  615. add action=accept chain=forward comment="IIS Server" dst-port=80 protocol=tcp
  616. add action=accept chain=input comment=\
  617. "Bruteforce login prevention(Winbox: droop Winbox brute forcers)" \
  618. dst-port=1723,8291 protocol=tcp src-address-list=winbox_blacklist
  # Mangle rules: connection and routing marks for the two uplinks, followed by
  # packet-mark rules for Web, L2TP, SIP, RDP and "all" traffic. Every one of
  # those packet-mark rules is exported with disabled=yes.
  # NOTE(review): the mark named ISP1 is applied to traffic arriving on ether6,
  # whose interface comment reads "ISP 2 Rostelekom". ISP2 is applied to
  # pppoe-out1, commented "ISP 1 DOM.RU". The routing itself is consistent, but
  # the inverted labels make mistakes likely when the rules are next edited.
  619. /ip firewall mangle
  # Disabled MSS clamp for PPP tunnels.
  620. add action=change-mss chain=forward comment=MTU disabled=yes new-mss=1300 \
  621. out-interface=all-ppp passthrough=yes protocol=tcp tcp-flags=syn
  # Mark connections that arrive on ether6 and send their replies back out through
  # routing table mark to-ISP1.
  622. add action=mark-connection chain=prerouting comment=ISP1 connection-state=new \
  623. in-interface=ether6 new-connection-mark=from-ISP1 passthrough=yes
  624. add action=mark-routing chain=prerouting connection-mark=from-ISP1 \
  625. new-routing-mark=to-ISP1 passthrough=yes
  # Router-originated traffic from the (redacted) uplink address is pinned to the
  # same table.
  626. add action=mark-routing chain=output new-routing-mark=to-ISP1 passthrough=yes \
  627. src-address=*****
  628. add action=mark-routing chain=output connection-mark=from-ISP1 \
  629. new-routing-mark=to-ISP1 passthrough=yes
  # The same scheme for pppoe-out1. Unlike the ether6 rule, this mark-connection
  # has no connection-state=new, so it re-marks every packet arriving on the
  # interface.
  630. add action=mark-connection chain=prerouting comment=ISP2 in-interface=\
  631. pppoe-out1 new-connection-mark=from-ISP2 passthrough=yes
  632. add action=mark-routing chain=prerouting connection-mark=from-ISP2 \
  633. new-routing-mark=to-ISP2 passthrough=yes
  634. add action=mark-routing chain=output connection-mark=from-ISP2 \
  635. new-routing-mark=to-ISP2 passthrough=yes
  636. add action=mark-routing chain=output new-routing-mark=to-ISP2 passthrough=yes \
  637. src-address=*****
  # Everything from here to the end of the section is disabled=yes. These rules
  # have no effect while disabled and are candidates for removal if the queues
  # that consumed the packet marks are gone.
  638. add action=mark-packet chain=forward comment=Web connection-mark=from-ISP2 \
  639. disabled=yes new-packet-mark=web_out out-interface=pppoe-out1 \
  640. passthrough=no routing-mark=to-ISP2
  641. add action=mark-packet chain=forward connection-mark=from-ISP2 disabled=yes \
  642. in-interface=pppoe-out1 new-packet-mark=web_in passthrough=no \
  643. routing-mark=to-ISP2
  644. add action=mark-packet chain=forward connection-mark=from-ISP2 disabled=yes \
  645. new-packet-mark=web_vpn_in out-interface=all-ppp passthrough=no
  646. add action=mark-packet chain=forward connection-mark=from-ISP2 disabled=yes \
  647. in-interface=all-ppp new-packet-mark=web_vpn_out passthrough=no
  648. add action=mark-connection chain=input comment=L2TP disabled=yes dst-port=\
  649. 1701,500,4500 new-connection-mark=L2TP_IN passthrough=no protocol=udp
  650. add action=mark-packet chain=prerouting connection-mark=L2TP_IN disabled=yes \
  651. new-packet-mark=L2TP_OUT passthrough=no
  652. add action=mark-connection chain=output disabled=yes new-connection-mark=\
  653. L2TP_OUT passthrough=no protocol=udp src-port=1701,4500,500
  654. add action=mark-packet chain=postrouting connection-mark=L2TP_OUT disabled=\
  655. yes new-packet-mark=L2TP_IN passthrough=no
  656. add action=mark-connection chain=prerouting comment=Sip disabled=yes \
  657. dst-port=5060,20000-50000 new-connection-mark=sip passthrough=no \
  658. protocol=udp
  659. add action=mark-packet chain=forward connection-mark=sip disabled=yes \
  660. in-interface=pppoe-out1 new-packet-mark=Sip_in passthrough=no
  661. add action=mark-packet chain=forward connection-mark=sip disabled=yes \
  662. new-packet-mark=Sip_out out-interface=pppoe-out1 passthrough=no
  663. add action=mark-packet chain=forward connection-mark=sip disabled=yes \
  664. new-packet-mark=vpn_sip_in out-interface=all-ppp passthrough=no
  665. add action=mark-packet chain=forward connection-mark=sip disabled=yes \
  666. in-interface=all-ppp new-packet-mark=vpn_sip_out passthrough=no
  667. add action=mark-connection chain=prerouting comment=Rdp disabled=yes \
  668. dst-port=3389 new-connection-mark=rdp passthrough=no protocol=tcp
  669. add action=mark-packet chain=forward connection-mark=rdp disabled=yes \
  670. in-interface=all-ppp new-packet-mark=rdp_in passthrough=no
  671. add action=mark-packet chain=forward connection-mark=rdp disabled=yes \
  672. new-packet-mark=rdp_out out-interface=all-ppp passthrough=no
  673. add action=mark-packet chain=forward comment=all disabled=yes \
  674. new-packet-mark=vpn_all_in out-interface=all-ppp passthrough=no
  675. add action=mark-packet chain=forward disabled=yes in-interface=all-ppp \
  676. new-packet-mark=vpn_all_out passthrough=no
  677. add action=mark-packet chain=forward disabled=yes new-packet-mark=all_out \
  678. out-interface=pppoe-out1 passthrough=no
  679. add action=mark-packet chain=forward disabled=yes in-interface=pppoe-out1 \
  680. new-packet-mark=all_in passthrough=no
  # NAT: inbound port forwards (dst-nat), then source NAT for both uplinks.
  # NOTE(review): none of the dst-nat rules below carries a src-address-list, and
  # the forward chain in this export has no default drop. Each published port is
  # therefore reachable from any Internet address. Where the remote parties are
  # known, restrict the rule with a source address list or move the service behind
  # the VPN.
  681. /ip firewall nat
  682. add action=dst-nat chain=dstnat comment="RDP Gateway" dst-port=443 \
  683. in-interface=pppoe-out1 protocol=tcp to-addresses=172.16.3.69 to-ports=\
  684. 443
  # PPTP published to an internal host.
  685. add action=dst-nat chain=dstnat comment="PPTP Borisov" dst-port=1723 \
  686. in-interface=pppoe-out1 protocol=tcp to-addresses=172.16.3.66 to-ports=\
  687. 1723
  # RDP (to-ports=3389) published on non-standard external ports. A changed port
  # number does not restrict who can connect; prefer the RDP Gateway rule above or
  # the VPN for this access.
  688. add action=dst-nat chain=dstnat comment=Borisov1 dst-port=38889 in-interface=\
  689. pppoe-out1 protocol=tcp to-addresses=172.16.3.65 to-ports=3389
  690. add action=dst-nat chain=dstnat comment=Borisov2 dst-port=8889 in-interface=\
  691. pppoe-out1 protocol=tcp to-addresses=172.16.3.66 to-ports=3389
  # Video recorder service port published directly. Devices of this class are
  # better reached over the VPN, with firmware kept current.
  692. add action=dst-nat chain=dstnat comment="Video Registrator HikVision" \
  693. dst-port=8000 in-interface=pppoe-out1 protocol=tcp to-addresses=\
  694. 172.16.9.215 to-ports=8000
  # The only forwards with log=yes.
  695. add action=dst-nat chain=dstnat comment="Lift Dialain" dst-port=46000 \
  696. in-interface=pppoe-out1 log=yes protocol=udp to-addresses=172.16.1.29 \
  697. to-ports=46000
  698. add action=dst-nat chain=dstnat dst-port=46001 in-interface=pppoe-out1 log=\
  699. yes protocol=udp to-addresses=172.16.1.29 to-ports=46001
  # NOTE(review): this rule has no in-interface and no dst-address, so it rewrites
  # TCP/82 arriving on any interface, including traffic from the internal
  # networks. A TraveLine address list is defined but not applied here; confirm
  # whether it was meant to be the src-address-list for this rule.
  700. add action=dst-nat chain=dstnat comment="Apache Server TravelLine" dst-port=\
  701. 82 protocol=tcp to-addresses=172.16.3.16 to-ports=81
  # Plain-HTTP services published on both uplinks.
  702. add action=dst-nat chain=dstnat comment="EDS-Kolibri Server" dst-port=80 \
  703. in-interface=pppoe-out1 protocol=tcp to-addresses=172.16.3.33 to-ports=80
  704. add action=dst-nat chain=dstnat dst-port=80 in-interface=ether6 protocol=tcp \
  705. to-addresses=172.16.3.33 to-ports=80
  706. add action=dst-nat chain=dstnat comment="EDS Server impuls" dst-port=89 \
  707. in-interface=pppoe-out1 protocol=tcp to-addresses=172.16.3.30 to-ports=80
  708. add action=dst-nat chain=dstnat dst-port=89 in-interface=ether6 protocol=tcp \
  709. to-addresses=172.16.3.30 to-ports=80
  # A server labelled TEST is published to the Internet. Confirm it still needs
  # to be.
  710. add action=dst-nat chain=dstnat comment="EDS Server TEST" dst-port=88 \
  711. in-interface=pppoe-out1 protocol=tcp to-addresses=172.16.3.33 to-ports=80
  712. add action=dst-nat chain=dstnat dst-port=88 in-interface=ether6 protocol=tcp \
  713. to-addresses=172.16.3.33 to-ports=80
  # Outbound source NAT on each uplink.
  714. add action=masquerade chain=srcnat comment="Nat Domru & Rostelekom" \
  715. out-interface=ether6
  716. add action=masquerade chain=srcnat out-interface=pppoe-out1
  # Connection-tracking helper, hotspot user, IPsec identities, routing tables and
  # the router's own management services.
  717. /ip firewall service-port
  718. set sip sip-timeout=5m
  719. /ip hotspot user
  # NOTE(review): a hotspot user named admin is exported without a password
  # attribute, although other secrets in this export appear masked. Confirm the
  # account has a password or remove it if the hotspot is unused.
  720. add name=admin
  721. /ip ipsec identity
  # remote-id=ignore means the identity presented by the peer is not checked.
  # With a shared secret, anyone who holds the secret is accepted as this peer, so
  # use a long random secret and rotate it if this export was shared unmasked.
  722. add generate-policy=port-override peer=Tayshetskiy10 remote-id=ignore secret=\
  723. *******
  # The marker on the next line comes from the export itself: the identity that
  # follows refers to a peer that no longer exists. It still stores a secret and
  # can be deleted.
  724. # Peer does not exist
  725. add secret=*******
  726. /ip route
  # Per-uplink default routes in tables ISP2 and ISP1, then the main-table default
  # via pppoe-out1. The backup default via 85.172.120.101 is disabled.
  727. add distance=1 gateway=pppoe-out1 routing-mark=ISP2
  728. add distance=1 gateway=85.172.120.101 routing-mark=ISP1
  729. add comment=WLAN2 distance=1 gateway=pppoe-out1
  730. add comment=WLAN1 disabled=yes distance=2 gateway=85.172.120.101
  # Host route that pins 8.8.4.4 to pppoe-out1. It pairs with the output-chain
  # drop for 8.8.4.4 on ether6.
  731. add comment=Google distance=1 dst-address=8.8.4.4/32 gateway=pppoe-out1
  732. /ip route rule
  # Policy routing. Traffic sourced from each (redacted) uplink address uses that
  # uplink's table, private destinations always use main, and the mangle marks
  # to-ISP1 and to-ISP2 select tables ISP1 and ISP2.
  733. add src-address=*****/32 table=ISP1
  734. add src-address=*****/32 table=ISP2
  735. add dst-address=10.0.0.0/8 table=main
  736. add dst-address=192.168.0.0/16 table=main
  737. add dst-address=172.16.0.0/12 table=main
  738. add routing-mark=to-ISP1 table=ISP1
  739. add routing-mark=to-ISP2 table=ISP2
  740. /ip service
  # Every management service except Winbox is disabled. Winbox is limited at
  # service level to the listed networks and hosts, and this is the restriction
  # that actually applies, since the filter table has no default drop on the input
  # chain. The list admits four whole /24 networks, including the VPN user range,
  # and could be narrowed to the management hosts.
  741. set telnet disabled=yes
  742. set ftp disabled=yes
  743. set www disabled=yes port=99
  744. set ssh disabled=yes
  745. set api address=172.16.1.0/24,172.16.3.0/24 disabled=yes
  746. set winbox address="172.16.9.0/24,77.233.14.2/32,172.16.3.0/24,172.16.5.0/24,1\
  747. 72.16.1.0/24,*****/32,*****/32,93.94.221.181/32"
  748. set api-ssl disabled=yes
  749.  
  # OSPF interface settings and the networks in the backbone area.
  750. /routing ospf interface
  # All entries use MD5 authentication with a masked key. MD5 is the strongest
  # option this OSPF implementation offers here, so keep the keys long and unique.
  # NOTE(review): the first entry names no interface, so it presumably applies to
  # every interface not listed separately, and it is not passive. The filter table
  # accepts OSPF on all-ppp and has no default drop, so confirm the router does not
  # form adjacencies on the uplink interfaces.
  751. add authentication=md5 authentication-key=*******
  752. add authentication=md5 authentication-key=******* disabled=yes \
  753. network-type=broadcast passive=yes
  # The LAN-facing VLAN interfaces are passive.
  754. add authentication=md5 authentication-key=******* interface=\
  755. "Network of ServersVlan3" network-type=broadcast passive=yes
  756. add authentication=md5 authentication-key=******* interface=\
  757. Teh.PersonalVlan9 network-type=broadcast passive=yes
  758. /routing ospf network
  # The comment strings below are byte-escaped non-ASCII text from the export and
  # are left as exported. The /30 networks look like point-to-point tunnel links
  # to other sites (TODO confirm).
  759. add area=backbone comment="\CC\EE\F1\EA\E2\E0 \EE\F4\E8\F1 \C4\E0\E2\E8\E4" \
  760. network=172.19.19.40/30
  761. add area=backbone comment="\CA\EE\EC\EF\FC\FE\F2\E5\F0\ED\FB\E9 \EA\EB\F3\E1" \
  762. network=172.19.19.36/30
  763. add area=backbone comment="\C5\F0\E5\E2\E0\ED" network=172.19.19.0/30
  764. add area=backbone comment="\D2\E0\E9\F8\E5\F2\F1\EA\E8\E9 10 \C1\E0\E7\E0" \
  765. network=172.19.19.32/30
  766. add area=backbone comment="VPN " network=172.16.5.0/24
  767. add area=backbone comment="\D1\E5\F0\E2\E5\F0\E0" network=172.16.3.0/24
  768. add area=backbone network=172.16.9.0/24
  # SNMP, clock, identity, NTP, scheduled jobs and the packet sniffer.
  769. /snmp
  # NOTE(review): SNMP is enabled, and this part of the export shows neither
  # community settings nor a filter rule for UDP/161. Confirm the default community
  # has been replaced and limited to the monitoring host's address, and that SNMP
  # is not reachable from the uplinks.
  770. set enabled=yes
  771. /system clock
  772. set time-zone-autodetect=no time-zone-name=Europe/Moscow
  773. /system clock manual
  774. set time-zone=+03:00
  775. /system identity
  776. set name="MikroTik *****"
  777. /system note
  778. set note=***** show-at-login=no
  779. /system ntp client
  # Accurate time matters for log correlation. Both servers are public addresses.
  780. set enabled=yes primary-ntp=88.147.254.232 secondary-ntp=91.226.136.155 \
  781. server-dns-names=ntp1.stratum2.ru
  782. /system scheduler
  # Both jobs are granted the full policy set, including sensitive, password and
  # sniff. A job only needs the policies its script uses, so trim these.
  # The reboot job is disabled.
  783. add disabled=yes interval=1d name=Reboot on-event=" /system reboot" policy=\
  784. ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
  785. start-date=oct/17/2017 start-time=03:00:00
  # Runs the script ScriptBackup every 4w2d. The script body is not in this part
  # of the export, so check where the backup is written or sent and whether it is
  # encrypted.
  786. add interval=4w2d name=BackupRouter***** on-event=\
  787. "/system script run ScriptBackup" policy=\
  788. ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
  789. start-date=nov/02/2017 start-time=23:00:24
  790. /tool sniffer
  # The sniffer is set up to capture on bridge_Local and stream the packets to
  # 172.16.3.6. Whether it is currently running is not shown in an export.
  # NOTE(review): when it runs, a copy of local-bridge traffic crosses the network
  # to that host. If this is left over from troubleshooting, set
  # streaming-enabled=no; otherwise treat 172.16.3.6 as a sensitive system.
  791. set filter-interface=bridge_Local filter-stream=yes streaming-enabled=yes \
  792. streaming-server=172.16.3.6
  793.  