API tools faq
paste
nihi1ist

mk1

nihi1ist
Apr 26th, 2021 (edited)
90
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.17 KB | None | 0 0
raw download clone embed print report
  1. /interface bridge add comment=admin name=bridge1
  2. /interface ethernet set [ find default-name=ether1 ] comment=Astel speed=100Mbps
  3. /interface ethernet set [ find default-name=ether2 ] comment=Beeline speed=100Mbps
  4. /interface ethernet set [ find default-name=ether3 ] comment=pc_admin speed=100Mbps
  5. /interface ethernet set [ find default-name=ether4 ] comment=12_K1 speed=100Mbps
  6. /interface ethernet set [ find default-name=ether5 ] comment=14_K2 speed=100Mbps
  7. /interface ethernet set [ find default-name=ether6 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=16_K3
  8. /interface ethernet set [ find default-name=ether7 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=18_K4
  9. /interface ethernet set [ find default-name=ether8 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=20_K5
  10. /interface ethernet set [ find default-name=ether9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=22_K6
  11. /interface ethernet set [ find default-name=ether10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=24_K7 poe-out=off
  12. /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
  13. /ip ipsec policy group add name=policy_group1
  14. /ip pool add name=dp1 ranges=192.168.12.10-192.168.13.254
  15. /ip pool add name=dp2 ranges=192.168.14.10-192.168.15.254
  16. /ip pool add name=dp3 ranges=192.168.16.10-192.168.17.250
  17. /ip pool add name=dp5 ranges=192.168.20.10-192.168.21.254
  18. /ip pool add name=dp4 ranges=192.168.18.10-192.168.19.254
  19. /ip pool add name=dp6 ranges=192.168.22.10-192.168.23.254
  20. /ip pool add name=dp7 ranges=192.168.24.10-192.168.25.254
  21. /ip dhcp-server add address-pool=dp1 disabled=no interface=ether4 name=dhcp1
  22. /ip dhcp-server add address-pool=dp2 disabled=no interface=ether5 name=dhcp2
  23. /ip dhcp-server add address-pool=dp3 disabled=no interface=bridge1 name=dhcp3
  24. /ip dhcp-server add address-pool=dp4 disabled=no interface=ether7 name=dhcp4
  25. /ip dhcp-server add address-pool=dp5 disabled=no interface=ether8 name=dhcp5
  26. /ip dhcp-server add address-pool=dp6 disabled=no interface=ether9 name=dhcp6
  27. /ip dhcp-server add address-pool=dp7 disabled=no interface=ether10 name=dhcp7
  28. /user group set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
  29. /user group add name=admin policy=local,ssh,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,romon,!telnet,!ftp,!api,!dude,!tikapp
  30. /interface bridge port add bridge=bridge1 interface=ether6
  31. /interface bridge port add bridge=bridge1 interface=ether3
  32. /ip neighbor discovery-settings set discover-interface-list=!dynamic
  33. /interface l2tp-server server set authentication=mschap2 ipsec-secret=Xive2020 use-ipsec=yes
  34. /interface pptp-server server set authentication=mschap2
  35. /ip address add address=192.168.12.1/23 interface=ether4 network=192.168.12.0
  36. /ip address add address=192.168.16.1/23 interface=bridge1 network=192.168.16.0
  37. /ip address add address=192.168.24.1/23 interface=ether10 network=192.168.24.0
  38. /ip address add address=10.1.1.190/30 interface=ether1 network=10.1.1.188
  39. /ip address add address=192.168.14.1/23 interface=ether5 network=192.168.14.0
  40. /ip address add address=192.168.18.1/23 interface=ether7 network=192.168.18.0
  41. /ip address add address=192.168.20.1/23 interface=ether8 network=192.168.20.0
  42. /ip address add address=192.168.22.1/23 interface=ether9 network=192.168.22.0
  43. /ip address add address=10.2.1.154/30 interface=ether2 network=10.2.1.152
  44. /ip dhcp-client add default-route-distance=3 interface=ether2
  45. /ip dhcp-server network add address=192.168.12.0/23 dns-server=192.168.12.1,8.8.4.4 gateway=192.168.12.1
  46. /ip dhcp-server network add address=192.168.14.0/23 dns-server=192.168.14.1,8.8.4.4 gateway=192.168.14.1
  47. /ip dhcp-server network add address=192.168.16.0/23 dns-server=192.168.16.1,8.8.8.8 gateway=192.168.16.1
  48. /ip dhcp-server network add address=192.168.18.0/23 dns-server=192.168.18.1,8.8.4.4 gateway=192.168.18.1
  49. /ip dhcp-server network add address=192.168.20.0/23 dns-server=192.168.20.1,8.8.4.4 gateway=192.168.20.1
  50. /ip dhcp-server network add address=192.168.22.0/23 dns-server=192.168.22.1,8.8.4.4 gateway=192.168.22.1
  51. /ip dhcp-server network add address=192.168.24.0/23 dns-server=192.168.24.1,8.8.4.4 gateway=192.168.24.1
  52. /ip dns set allow-remote-requests=yes servers=8.8.4.4,80.241.32.10,80.241.32.18,192.168.88.3
  53. /ip firewall address-list add address=192.168.14.0/23 list=net_all
  54. /ip firewall address-list add address=192.168.16.0/23 list=net_all
  55. /ip firewall address-list add address=192.168.24.0/23 list=net_all
  56. /ip firewall address-list add address=192.168.12.0/23 list=net_all
  57. /ip firewall address-list add address=192.168.17.251-192.168.17.254 list=admin
  58. /ip firewall address-list add address=192.168.18.0/23 list=net_all
  59. /ip firewall address-list add address=192.168.20.0/23 list=net_all
  60. /ip firewall address-list add address=192.168.22.0/23 list=net_all
  61. /ip firewall address-list add address=192.168.28.0/23 list=net_all
  62. /ip firewall address-list add address=192.168.30.0/23 list=net_all
  63. /ip firewall address-list add address=192.168.32.0/23 list=net_all
  64. /ip firewall address-list add address=192.168.34.0/23 list=net_all
  65. /ip firewall address-list add address=192.168.36.0/23 list=net_all
  66. /ip firewall address-list add address=192.168.38.0/23 list=net_all
  67. /ip firewall address-list add address=192.168.40.0/23 list=net_all
  68. /ip firewall address-list add address=192.168.42.0/23 list=net_all
  69. /ip firewall address-list add address=192.168.44.0/23 list=net_all
  70. /ip firewall filter add action=accept chain=forward dst-address-list=admin src-address-list=net_all
  71. /ip firewall filter add action=accept chain=forward dst-address-list=net_all src-address-list=admin
  72. /ip firewall filter add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
  73. /ip firewall filter add action=drop chain=input connection-state=established connection-type=pptp in-interface=ether1
  74. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1
  75. /ip firewall nat add action=masquerade chain=srcnat out-interface=ether2
  76. /ip route add check-gateway=ping distance=1 gateway=8.8.4.4
  77. /ip route add comment=mk2 distance=1 gateway=192.168.17.252
  78. /ip route add check-gateway=ping disabled=yes distance=2 gateway=8.8.8.8
  79. /ip route add disabled=yes distance=1 gateway=10.2.1.153
  80. /ip route add distance=1 dst-address=0.0.0.0/24 gateway=192.168.44.1
  81. /ip route add distance=1 dst-address=8.8.4.4/32 gateway=10.1.1.189 scope=10
  82. /ip service set telnet disabled=yes
  83. /ip service set ftp disabled=yes
  84. /ip service set www disabled=yes
  85. /ip service set ssh address=192.168.16.0/23
  86. /ip service set api disabled=yes
  87. /ip service set winbox address=192.168.16.0/23
  88. /ip service set api-ssl disabled=yes
  89. /ip ssh set allow-none-crypto=yes forwarding-enabled=remote
  90. /system routerboard settings set auto-upgrade=yes
  91. /system scheduler add disabled=yes name=fw_upd on-event=":if ( [/system routerboard get current-firmware] < [/system routerboard get upgrade-firmware] ) do {\r\
  92. \n/system routerboard upgrade\r\
  93. \n/system reboot\r\
  94. \n}\r\
  95. \n" policy=reboot,read,write,policy,test,password,sniff,sensitive start-time=startup
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!