2019-07-04 13:21:31 +02:00
|
|
|
# routerboard: yes
|
|
|
|
# model: CRS326-24G-2S+
|
|
|
|
# serial-number: 763C07D3969D
|
|
|
|
# firmware-type: dx3230L
|
|
|
|
# factory-firmware: 3.37
|
2019-09-13 17:16:16 +02:00
|
|
|
# current-firmware: 6.45.6
|
2019-09-13 16:16:00 +02:00
|
|
|
# upgrade-firmware: 6.45.6
|
2019-07-04 13:21:31 +02:00
|
|
|
#
|
|
|
|
# channel: stable
|
2019-09-13 16:16:00 +02:00
|
|
|
# installed-version: 6.45.6
|
2019-09-17 06:35:01 +02:00
|
|
|
# latest-version: 6.45.6
|
|
|
|
# status: System is already up to date
|
2019-07-04 13:21:31 +02:00
|
|
|
#
|
|
|
|
# Flags: U - undoable, R - redoable, F - floating-undo
|
|
|
|
# ACTION BY POLICY
|
|
|
|
#
|
|
|
|
# software id = NK6R-LJLR
|
|
|
|
#
|
|
|
|
# model = CRS326-24G-2S+
|
|
|
|
# serial number = 763C07D3969D
|
|
|
|
/caps-man channel
|
|
|
|
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2412 name=chan_2 tx-power=10
|
|
|
|
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5180 name=chan_5 tx-power=20
|
|
|
|
/interface bridge
|
|
|
|
add name=br_lan protocol-mode=none vlan-filtering=yes
|
|
|
|
/interface ethernet
|
|
|
|
set [ find default-name=ether1 ] name=ether1_og
|
|
|
|
set [ find default-name=ether2 ] name=ether2_dg
|
|
|
|
set [ find default-name=ether3 ] name=ether3_prn
|
|
|
|
set [ find default-name=ether4 ] name=ether4_kdg
|
|
|
|
set [ find default-name=ether5 ] name=ether5_wohn
|
|
|
|
set [ find default-name=ether6 ] name=ether6_wap
|
|
|
|
set [ find default-name=ether7 ] name=ether7_b1
|
|
|
|
set [ find default-name=ether8 ] name=ether8_kedc02
|
|
|
|
set [ find default-name=ether9 ] disabled=yes
|
|
|
|
set [ find default-name=ether10 ] disabled=yes
|
|
|
|
set [ find default-name=ether11 ] disabled=yes
|
|
|
|
set [ find default-name=ether12 ] name=ether12_mteg
|
|
|
|
set [ find default-name=ether13 ] name=ether13_buwap
|
|
|
|
set [ find default-name=ether14 ] name=ether14_fw1_lan1
|
|
|
|
set [ find default-name=ether15 ] name=ether15_fw1_lan2
|
|
|
|
set [ find default-name=ether16 ] name=ether16_fw1_lan3
|
|
|
|
set [ find default-name=ether17 ] name=ether17_ohorst1
|
|
|
|
set [ find default-name=ether18 ] name=ether18_ohorst2
|
|
|
|
set [ find default-name=ether19 ] name=ether19_ohorstipmi
|
|
|
|
set [ find default-name=ether20 ] name=ether20_horstipmi
|
|
|
|
set [ find default-name=ether21 ] name=ether21_horst1
|
|
|
|
set [ find default-name=ether22 ] mac-address=64:D1:54:C5:AC:18 name=ether22_horst2
|
|
|
|
set [ find default-name=ether23 ] name=ether23_nas1
|
|
|
|
set [ find default-name=ether24 ] mac-address=64:D1:54:C5:AC:1A name=ether24_nas2
|
|
|
|
set [ find default-name=sfp-sfpplus1 ] name=sfp-sfpplus1-eg
|
|
|
|
/interface vlan
|
|
|
|
add interface=br_lan name=vlan1 vlan-id=1
|
|
|
|
add interface=br_lan name=vlan2 vlan-id=2
|
|
|
|
add interface=br_lan name=vlan4 vlan-id=4
|
|
|
|
add interface=br_lan name=vlan10 vlan-id=10
|
|
|
|
add interface=br_lan name=vlan42 vlan-id=42
|
|
|
|
add interface=br_lan name=vlan50 vlan-id=50
|
|
|
|
add interface=br_lan name=vlan51 vlan-id=51
|
|
|
|
add interface=br_lan name=vlan52 vlan-id=52
|
|
|
|
add interface=br_lan name=vlan60 vlan-id=60
|
|
|
|
add interface=br_lan name=vlan90 vlan-id=90
|
|
|
|
add interface=br_lan name=vlan99 vlan-id=99
|
|
|
|
/interface bonding
|
|
|
|
add mode=802.3ad name=bond_horst slaves=ether21_horst1,ether22_horst2
|
|
|
|
add mode=802.3ad name=bond_nas slaves=ether23_nas1,ether24_nas2
|
|
|
|
/caps-man datapath
|
|
|
|
add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_robert vlan-id=42 vlan-mode=use-tag
|
|
|
|
add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=db_brigitte vlan-id=50 vlan-mode=use-tag
|
|
|
|
add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_tobias vlan-id=51 vlan-mode=use-tag
|
|
|
|
add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_teresa vlan-id=52 vlan-mode=use-tag
|
|
|
|
add bridge=br_lan client-to-client-forwarding=no local-forwarding=no name=dp_gast vlan-id=99 vlan-mode=use-tag
|
|
|
|
add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_radius vlan-mode=use-tag
|
|
|
|
/caps-man rates
|
|
|
|
add basic=12Mbps name=basic_rates_2 supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
|
|
|
|
add basic=24Mbps name=basic_rates_5 supported=24Mbps,36Mbps,48Mbps,54Mbps
|
|
|
|
/caps-man security
|
|
|
|
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_robert passphrase=DasIstEinTest!
|
|
|
|
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_brigitte passphrase=aH4duhoo
|
|
|
|
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_tobias passphrase=eifohk5U
|
|
|
|
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_teresa passphrase=Em0aiLei
|
|
|
|
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_gast passphrase=aseeci9oQu8Ooru
|
|
|
|
add authentication-types=wpa2-eap disable-pmkid=yes eap-methods=passthrough group-key-update=1h name=sec_radius
|
|
|
|
/caps-man configuration
|
|
|
|
add channel=chan_2 country=germany datapath=dp_robert mode=ap name=cfg_2_robert rates=basic_rates_2 security=sec_robert ssid=wifis.org/ke/robert
|
|
|
|
add channel=chan_5 country=germany datapath=db_brigitte mode=ap name=cfg_5_brigitte rates=basic_rates_5 security=sec_brigitte ssid=wifis.org/ke/brigitte
|
|
|
|
add channel=chan_2 country=germany datapath=dp_tobias mode=ap name=cfg_2_tobias rates=basic_rates_2 security=sec_tobias ssid=wifis.org/ke/tobias
|
|
|
|
add channel=chan_2 country=germany datapath=dp_teresa mode=ap name=cfg_2_teresa rates=basic_rates_2 security=sec_teresa ssid=wifis.org/ke/teresa
|
|
|
|
add channel=chan_2 country=germany datapath=dp_gast mode=ap name=cfg_2_gast rates=basic_rates_2 security=sec_gast ssid=wifis.org/ke/gast
|
|
|
|
add channel=chan_2 country=germany datapath=dp_radius mode=ap name=cfg_2_radius rates=basic_rates_2 security=sec_radius ssid=wifis.org/ke/bertling
|
|
|
|
add channel=chan_5 country=germany datapath=dp_radius mode=ap name=cfg_5_radius rates=basic_rates_5 security=sec_radius ssid=wifis.org/ke/bertling
|
|
|
|
add channel=chan_2 country=germany datapath=db_brigitte mode=ap name=cfg_2_brigitte rates=basic_rates_2 security=sec_brigitte ssid=wifis.org/ke/brigitte
|
|
|
|
add channel=chan_5 country=germany datapath=dp_gast mode=ap name=cfg_5_gast rates=basic_rates_5 security=sec_gast ssid=wifis.org/ke/gast
|
|
|
|
add channel=chan_5 country=germany datapath=dp_robert mode=ap name=cfg_5_robert rates=basic_rates_5 security=sec_robert ssid=wifis.org/ke/robert
|
|
|
|
add channel=chan_5 country=germany datapath=dp_teresa mode=ap name=cfg_5_teresa rates=basic_rates_5 security=sec_teresa ssid=wifis.org/ke/teresa
|
|
|
|
add channel=chan_5 country=germany datapath=dp_tobias mode=ap name=cfg_5_tobias rates=basic_rates_5 security=sec_tobias ssid=wifis.org/ke/tobias
|
|
|
|
/interface wireless security-profiles
|
|
|
|
set [ find default=yes ] supplicant-identity=MikroTik
|
|
|
|
/ip hotspot profile
|
|
|
|
set [ find default=yes ] html-directory=flash/hotspot
|
2019-09-03 08:35:03 +02:00
|
|
|
/ip kid-control
|
|
|
|
add disabled=yes fri="" mon="" name=teresa sat="" sun="" thu="" tue="" wed=""
|
|
|
|
add disabled=yes fri="" mon="" name=tobias sat="" sun="" thu="" tue="" wed=""
|
2019-07-04 13:21:31 +02:00
|
|
|
/snmp community
|
|
|
|
set [ find default=yes ] read-access=no
|
|
|
|
add addresses=172.24.0.0/16 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private
|
|
|
|
/caps-man manager
|
|
|
|
set enabled=yes upgrade-policy=suggest-same-version
|
|
|
|
/caps-man manager interface
|
|
|
|
set [ find default=yes ] forbid=yes
|
|
|
|
add disabled=no interface=vlan42
|
|
|
|
add disabled=no interface=vlan1
|
|
|
|
/caps-man provisioning
|
|
|
|
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=cfg_2_radius name-format=prefix-identity name-prefix=cap-2 slave-configurations=cfg_2_robert,cfg_2_brigitte,cfg_2_gast,cfg_2_teresa,cfg_2_tobias
|
|
|
|
add action=create-dynamic-enabled hw-supported-modes=ac,an master-configuration=cfg_5_radius name-format=prefix-identity name-prefix=cap-5 slave-configurations=cfg_5_robert,cfg_5_brigitte,cfg_5_gast,cfg_5_teresa,cfg_5_tobias
|
|
|
|
/interface bridge port
|
|
|
|
add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether1_og
|
|
|
|
add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether2_dg
|
|
|
|
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether3_prn pvid=10
|
|
|
|
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether4_kdg pvid=4
|
|
|
|
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether5_wohn pvid=42
|
|
|
|
add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether6_wap
|
|
|
|
add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether7_b1
|
|
|
|
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether8_kedc02 pvid=10
|
|
|
|
add bridge=br_lan interface=ether9
|
|
|
|
add bridge=br_lan interface=ether10
|
|
|
|
add bridge=br_lan interface=ether11
|
|
|
|
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether12_mteg pvid=42
|
|
|
|
add bridge=br_lan interface=ether13_buwap pvid=42
|
|
|
|
add bridge=br_lan interface=ether14_fw1_lan1
|
|
|
|
add bridge=br_lan interface=ether15_fw1_lan2
|
|
|
|
add bridge=br_lan interface=ether16_fw1_lan3
|
|
|
|
add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether17_ohorst1
|
|
|
|
add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether18_ohorst2
|
|
|
|
add bridge=br_lan interface=ether19_ohorstipmi
|
|
|
|
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether20_horstipmi
|
|
|
|
add bridge=br_lan frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1-eg pvid=42
|
|
|
|
add bridge=br_lan interface=sfp-sfpplus2
|
|
|
|
add bridge=br_lan interface=bond_horst
|
|
|
|
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=bond_nas pvid=10
|
|
|
|
/interface bridge vlan
|
|
|
|
add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" untagged=ether19_ohorstipmi,ether20_horstipmi vlan-ids=1
|
|
|
|
add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=2
|
|
|
|
add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" untagged=ether4_kdg vlan-ids=4
|
|
|
|
add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether17_ohorst1,ether18_ohorst2" untagged=bond_nas,ether3_prn,ether8_kedc02 vlan-ids=10
|
|
|
|
add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" untagged=ether5_wohn,ether13_buwap vlan-ids=42
|
|
|
|
add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=50
|
|
|
|
add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=51
|
|
|
|
add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=52
|
|
|
|
add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=60
|
|
|
|
add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether17_ohorst1,ether18_ohorst2" vlan-ids=90
|
|
|
|
add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether17_ohorst1,ether18_ohorst2" vlan-ids=99
|
|
|
|
add bridge=br_lan tagged=br_lan,bond_horst,ether17_ohorst1,ether18_ohorst2 vlan-ids=11
|
|
|
|
/ip address
|
|
|
|
add address=172.24.1.97/24 interface=vlan1 network=172.24.1.0
|
|
|
|
add address=172.24.10.90/24 interface=vlan10 network=172.24.10.0
|
|
|
|
add address=172.24.42.90/24 interface=vlan42 network=172.24.42.0
|
|
|
|
add address=172.24.4.104/24 interface=vlan4 network=172.24.4.0
|
|
|
|
add address=172.24.42.1/24 disabled=yes interface=vlan42 network=172.24.42.0
|
|
|
|
add address=172.24.1.1/24 disabled=yes interface=vlan1 network=172.24.1.0
|
|
|
|
add address=172.24.10.1/24 disabled=yes interface=vlan10 network=172.24.10.0
|
|
|
|
/ip dhcp-relay
|
|
|
|
add dhcp-server=172.24.10.11,172.24.10.12 disabled=no interface=ether1_og name=relay_42
|
|
|
|
/ip dns
|
|
|
|
set allow-remote-requests=yes servers=172.24.10.11,172.24.10.12
|
2019-09-03 08:35:03 +02:00
|
|
|
/ip kid-control device
|
|
|
|
add mac-address=30:45:96:62:B6:46 name=teresa_handy user=teresa
|
|
|
|
add mac-address=58:C5:CB:AB:13:39 name=tobias_handy user=tobias
|
2019-07-04 13:21:31 +02:00
|
|
|
/ip route
|
|
|
|
add distance=1 gateway=172.24.4.1
|
2019-07-28 16:02:50 +02:00
|
|
|
/ip service
|
|
|
|
set telnet disabled=yes
|
|
|
|
set ftp disabled=yes
|
2019-07-04 13:21:31 +02:00
|
|
|
/ip ssh
|
2019-07-17 13:31:27 +02:00
|
|
|
set forwarding-enabled=remote host-key-size=4096 strong-crypto=yes
|
|
|
|
/radius
|
|
|
|
add address=172.24.10.2 secret=asdfaodfadfzasdf33 service=wireless
|
2019-07-04 13:21:31 +02:00
|
|
|
/snmp
|
|
|
|
set contact=admin@einsle.de enabled=yes location=Kempten
|
|
|
|
/system clock
|
|
|
|
set time-zone-name=Europe/Berlin
|
|
|
|
/system identity
|
|
|
|
set name=mt-kg2
|
|
|
|
/system ntp client
|
|
|
|
set enabled=yes primary-ntp=172.24.10.11 secondary-ntp=172.24.10.12
|
|
|
|
/system routerboard settings
|
|
|
|
set boot-os=router-os
|
|
|
|
/tool romon
|
|
|
|
set enabled=yes id=B2:C1:51:48:4E:4F secrets=78f244b59c
|