Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /interface bridge add comment=admin name=bridge1
- /interface ethernet set [ find default-name=ether1 ] comment=Astel speed=100Mbps
- /interface ethernet set [ find default-name=ether2 ] comment=Beeline speed=100Mbps
- /interface ethernet set [ find default-name=ether3 ] comment=pc_admin speed=100Mbps
- /interface ethernet set [ find default-name=ether4 ] comment=12_K1 speed=100Mbps
- /interface ethernet set [ find default-name=ether5 ] comment=14_K2 speed=100Mbps
- /interface ethernet set [ find default-name=ether6 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=16_K3
- /interface ethernet set [ find default-name=ether7 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=18_K4
- /interface ethernet set [ find default-name=ether8 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=20_K5
- /interface ethernet set [ find default-name=ether9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=22_K6
- /interface ethernet set [ find default-name=ether10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=24_K7 poe-out=off
- /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
- /ip ipsec policy group add name=policy_group1
- /ip pool add name=dp1 ranges=192.168.12.10-192.168.13.254
- /ip pool add name=dp2 ranges=192.168.14.10-192.168.15.254
- /ip pool add name=dp3 ranges=192.168.16.10-192.168.17.250
- /ip pool add name=dp5 ranges=192.168.20.10-192.168.21.254
- /ip pool add name=dp4 ranges=192.168.18.10-192.168.19.254
- /ip pool add name=dp6 ranges=192.168.22.10-192.168.23.254
- /ip pool add name=dp7 ranges=192.168.24.10-192.168.25.254
- /ip dhcp-server add address-pool=dp1 disabled=no interface=ether4 name=dhcp1
- /ip dhcp-server add address-pool=dp2 disabled=no interface=ether5 name=dhcp2
- /ip dhcp-server add address-pool=dp3 disabled=no interface=bridge1 name=dhcp3
- /ip dhcp-server add address-pool=dp4 disabled=no interface=ether7 name=dhcp4
- /ip dhcp-server add address-pool=dp5 disabled=no interface=ether8 name=dhcp5
- /ip dhcp-server add address-pool=dp6 disabled=no interface=ether9 name=dhcp6
- /ip dhcp-server add address-pool=dp7 disabled=no interface=ether10 name=dhcp7
- /user group set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
- /user group add name=admin policy=local,ssh,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,romon,!telnet,!ftp,!api,!dude,!tikapp
- /interface bridge port add bridge=bridge1 interface=ether6
- /interface bridge port add bridge=bridge1 interface=ether3
- /ip neighbor discovery-settings set discover-interface-list=!dynamic
- /interface l2tp-server server set authentication=mschap2 ipsec-secret=Xive2020 use-ipsec=yes
- /interface pptp-server server set authentication=mschap2
- /ip address add address=192.168.12.1/23 interface=ether4 network=192.168.12.0
- /ip address add address=192.168.16.1/23 interface=bridge1 network=192.168.16.0
- /ip address add address=192.168.24.1/23 interface=ether10 network=192.168.24.0
- /ip address add address=10.1.1.190/30 interface=ether1 network=10.1.1.188
- /ip address add address=192.168.14.1/23 interface=ether5 network=192.168.14.0
- /ip address add address=192.168.18.1/23 interface=ether7 network=192.168.18.0
- /ip address add address=192.168.20.1/23 interface=ether8 network=192.168.20.0
- /ip address add address=192.168.22.1/23 interface=ether9 network=192.168.22.0
- /ip address add address=10.2.1.154/30 interface=ether2 network=10.2.1.152
- /ip dhcp-client add default-route-distance=3 interface=ether2
- /ip dhcp-server network add address=192.168.12.0/23 dns-server=192.168.12.1,8.8.4.4 gateway=192.168.12.1
- /ip dhcp-server network add address=192.168.14.0/23 dns-server=192.168.14.1,8.8.4.4 gateway=192.168.14.1
- /ip dhcp-server network add address=192.168.16.0/23 dns-server=192.168.16.1,8.8.8.8 gateway=192.168.16.1
- /ip dhcp-server network add address=192.168.18.0/23 dns-server=192.168.18.1,8.8.4.4 gateway=192.168.18.1
- /ip dhcp-server network add address=192.168.20.0/23 dns-server=192.168.20.1,8.8.4.4 gateway=192.168.20.1
- /ip dhcp-server network add address=192.168.22.0/23 dns-server=192.168.22.1,8.8.4.4 gateway=192.168.22.1
- /ip dhcp-server network add address=192.168.24.0/23 dns-server=192.168.24.1,8.8.4.4 gateway=192.168.24.1
- /ip dns set allow-remote-requests=yes servers=8.8.4.4,80.241.32.10,80.241.32.18,192.168.88.3
- /ip firewall address-list add address=192.168.14.0/23 list=net_all
- /ip firewall address-list add address=192.168.16.0/23 list=net_all
- /ip firewall address-list add address=192.168.24.0/23 list=net_all
- /ip firewall address-list add address=192.168.12.0/23 list=net_all
- /ip firewall address-list add address=192.168.17.251-192.168.17.254 list=admin
- /ip firewall address-list add address=192.168.18.0/23 list=net_all
- /ip firewall address-list add address=192.168.20.0/23 list=net_all
- /ip firewall address-list add address=192.168.22.0/23 list=net_all
- /ip firewall address-list add address=192.168.28.0/23 list=net_all
- /ip firewall address-list add address=192.168.30.0/23 list=net_all
- /ip firewall address-list add address=192.168.32.0/23 list=net_all
- /ip firewall address-list add address=192.168.34.0/23 list=net_all
- /ip firewall address-list add address=192.168.36.0/23 list=net_all
- /ip firewall address-list add address=192.168.38.0/23 list=net_all
- /ip firewall address-list add address=192.168.40.0/23 list=net_all
- /ip firewall address-list add address=192.168.42.0/23 list=net_all
- /ip firewall address-list add address=192.168.44.0/23 list=net_all
- /ip firewall filter add action=accept chain=forward dst-address-list=admin src-address-list=net_all
- /ip firewall filter add action=accept chain=forward dst-address-list=net_all src-address-list=admin
- /ip firewall filter add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
- /ip firewall filter add action=drop chain=input connection-state=established connection-type=pptp in-interface=ether1
- /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1
- /ip firewall nat add action=masquerade chain=srcnat out-interface=ether2
- /ip route add check-gateway=ping distance=1 gateway=8.8.4.4
- /ip route add comment=mk2 distance=1 gateway=192.168.17.252
- /ip route add check-gateway=ping disabled=yes distance=2 gateway=8.8.8.8
- /ip route add disabled=yes distance=1 gateway=10.2.1.153
- /ip route add distance=1 dst-address=0.0.0.0/24 gateway=192.168.44.1
- /ip route add distance=1 dst-address=8.8.4.4/32 gateway=10.1.1.189 scope=10
- /ip service set telnet disabled=yes
- /ip service set ftp disabled=yes
- /ip service set www disabled=yes
- /ip service set ssh address=192.168.16.0/23
- /ip service set api disabled=yes
- /ip service set winbox address=192.168.16.0/23
- /ip service set api-ssl disabled=yes
- /ip ssh set allow-none-crypto=yes forwarding-enabled=remote
- /system routerboard settings set auto-upgrade=yes
- /system scheduler add disabled=yes name=fw_upd on-event=":if ( [/system routerboard get current-firmware] < [/system routerboard get upgrade-firmware] ) do {\r\
- \n/system routerboard upgrade\r\
- \n/system reboot\r\
- \n}\r\
- \n" policy=reboot,read,write,policy,test,password,sniff,sensitive start-time=startup
Add Comment
Please, Sign In to add comment