# routerboard: yes
# model: CRS112-8G-4S
# serial-number: 6CFA0698D051
# firmware-type: qca8513L
# factory-firmware: 3.23
# current-firmware: 6.45.3
# upgrade-firmware: 6.45.3
#
# channel: stable
# installed-version: 6.45.3
#
# Flags: U - undoable, R - redoable, F - floating-undo
# ACTION BY POLICY
#
# software id = U6BB-XKEI
#
# model = CRS112-8G-4S
# serial number = 6CFA0698D051
/interface bridge
add name=br_brigitte protocol-mode=none
add name=br_gast protocol-mode=none
add admin-mac=6C:3B:6B:3C:0D:7C auto-mac=no comment="created from master port" name=br_lan protocol-mode=none
add fast-forward=no name=br_lo protocol-mode=none
add fast-forward=no name=br_mgmt protocol-mode=none
add fast-forward=no name=br_robert protocol-mode=none
add name=br_server protocol-mode=none
add name=br_teresa protocol-mode=none
add name=br_test protocol-mode=none
add name=br_tobias protocol-mode=none
add name=br_voip protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] comment=mt-eg name=eth1_mteg speed=100Mbps
set [ find default-name=ether2 ] comment=nas name=eth2_nas speed=100Mbps
set [ find default-name=ether3 ] comment="sw01 GE1" name=eth3_sw011 speed=100Mbps
set [ find default-name=ether4 ] comment="sw-01 GE2" name=eth4_sw012 speed=100Mbps
set [ find default-name=ether5 ] comment="FW2 LAN1" name=eth5_fw1eth0 speed=100Mbps
set [ find default-name=ether6 ] comment="FW2 LAN2" name=eth6_fw1eth1 speed=100Mbps
set [ find default-name=ether7 ] comment="horst e1" name=eth7_horste1 speed=100Mbps
set [ find default-name=ether8 ] comment="horst e2" name=eth8_horste2 speed=100Mbps
set [ find default-name=sfp9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=mt-eg_sfp1 name=sfp9_mteg
set [ find default-name=sfp10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=mt-test_sfp1 name=sfp10_mttest
set [ find default-name=sfp11 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=sfp12 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=mt-dude name=sfp12_mtdude
/interface vlan
add comment=mgmt interface=br_lan name=vlan1 vlan-id=1
add comment=dmz interface=br_lan name=vlan2 vlan-id=2
add comment=mnet interface=br_lan name=vlan3 vlan-id=3
add comment=kdg interface=br_lan name=vlan4 vlan-id=4
add comment=server interface=br_lan name=vlan10 vlan-id=10
add comment=robert interface=br_lan name=vlan42 vlan-id=42
add comment=brigitte interface=br_lan name=vlan50 vlan-id=50
add comment=tobias interface=br_lan name=vlan51 vlan-id=51
add comment=teresa interface=br_lan name=vlan52 vlan-id=52
add comment=voip interface=br_lan name=vlan60 vlan-id=60
add comment=test interface=br_lan name=vlan90 vlan-id=90
add comment=gast interface=br_lan name=vlan99 vlan-id=99
/interface ethernet switch trunk
add member-ports=eth3_sw011,eth4_sw012 name=tr_sw01
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec policy group
add name=zegowitz
/ip ipsec profile
# IKE phase 1 profile referenced by peer1.
# NOTE(review): it negotiates MD5 as the IKE hash and the 1024-bit MODP group
# (modp1024) with AES-128. MD5 and modp1024 are both below current guidance;
# hash-algorithm=sha256 and dh-group=modp2048 (or an ECP group) are the usual
# replacements, but the remote peer has to be changed in the same step.
add dh-group=modp1024 enc-algorithm=aes-128 hash-algorithm=md5 name=profile_1
/ip ipsec peer
# peer1 is disabled (disabled=yes), so this tunnel is not negotiated at present.
# NOTE(review): exchange-mode=aggressive combined with the pre-shared key set
# under /ip ipsec identity sends the identity unprotected and weakens the
# protection of the key during the handshake. If the peer is re-enabled, prefer
# exchange-mode=main or exchange-mode=ike2, agreed with the remote side.
# NOTE(review): the remote endpoint's public address is part of this versioned
# export; confirm that is acceptable for the repository's audience.
add address=87.140.87.206/32 disabled=yes exchange-mode=aggressive name=peer1 profile=profile_1
/ip ipsec proposal
# IPsec phase 2 proposal used by the zegowitz policy template.
# NOTE(review): auth-algorithms=md5 allows only HMAC-MD5 for integrity.
# enc-algorithms and pfs-group are not in the export, so they are presumably at
# their RouterOS defaults; confirm with "/ip ipsec proposal print detail" and
# move to auth-algorithms=sha256 together with the remote peer.
add auth-algorithms=md5 name=zegowitz_prop
/routing bgp instance
set default as=65000 router-id=172.24.255.91
/routing ospf instance
set [ find default=yes ] redistribute-connected=as-type-1 router-id=172.24.255.91
/snmp community
# Default SNMP community, renamed and limited to sources in 172.24.0.0/16.
# NOTE(review): no security= value is exported for this entry, so it is
# presumably at the default (none). In that case the SHA1/AES passwords are not
# enforced and the community name alone grants access as a v1/v2c string, sent
# unencrypted; confirm with "/snmp community print detail".
# NOTE(review): authentication-password and encryption-password are identical
# and stored in clear in this versioned export. Treat both as disclosed, rotate
# them, use two different values, and create future exports with
# "/export hide-sensitive".
set [ find default=yes ] addresses=172.24.0.0/16 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=jie6Wao5weeSahs
# SNMPv3 community for monitoring: security=private requires authentication
# (SHA1) and privacy (AES), and only 172.24.1.0/24 and 172.24.10.0/24 may query.
# NOTE(review): the same value is used for the authentication and the encryption
# password, and it is the value already used by the default community entry.
# Both are in clear in this versioned export: rotate them, give each password
# its own value, and keep secrets out of the export ("/export hide-sensitive").
add addresses=172.24.1.0/24,172.24.10.0/24 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private
# NOTE(review): community with the well-known name "public" and no security=
# value exported (presumably v1/v2c, unauthenticated and unencrypted). The
# 172.24.10.0/24 source filter is the only control on it. If monitoring already
# uses the SNMPv3 "monitor" community, remove this entry.
add addresses=172.24.10.0/24 name=public
/interface bridge msti
add bridge=br_robert identifier=1 vlan-mapping=42
/interface bridge port
add bridge=br_robert interface=vlan42
add bridge=br_server interface=vlan10
add bridge=br_brigitte interface=vlan50
add bridge=br_tobias interface=vlan51
add bridge=br_teresa interface=vlan52
add bridge=br_voip interface=vlan60
add bridge=br_mgmt interface=vlan1
add bridge=br_test interface=vlan90
add bridge=br_gast interface=vlan99
add bridge=br_robert interface=eth2_nas
add bridge=br_lan interface=eth3_sw011
add bridge=br_lan interface=eth4_sw012
add bridge=br_lan interface=eth5_fw1eth0
add bridge=br_lan interface=eth6_fw1eth1
add bridge=br_lan interface=eth7_horste1
add bridge=br_lan interface=eth8_horste2
add bridge=br_lan interface=sfp9_mteg
add bridge=br_lan interface=sfp10_mttest
add bridge=br_lan interface=sfp11
add bridge=br_lan interface=sfp12_mtdude
add bridge=br_lan interface=eth1_mteg
/ip settings
set tcp-syncookies=yes
/interface ethernet switch egress-vlan-tag
add tagged-ports="switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=1
add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=10
add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude" vlan-id=42
add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=50
add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=51
add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=60
add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=90
add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=99
add tagged-ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp11 vlan-id=2
add tagged-ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp9_mteg,sfp11 vlan-id=3
add tagged-ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp11 vlan-id=4
add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=52
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=10 ports=eth7_horste1
# Rewrites frames arriving on sfp11 with customer-vid=0 (presumably untagged
# frames, TODO confirm against the CRS1xx switch-chip documentation) to VLAN 42.
# NOTE(review): sfp11 is missing from the VLAN 42 port lists in both
# "/interface ethernet switch vlan" and "egress-vlan-tag", while it is listed
# for every other VLAN. Confirm whether sfp11 is meant to be a VLAN 42 member;
# as exported, the translation and the membership table disagree.
add customer-vid=0 new-customer-vid=42 ports=sfp11
# Rewrites frames arriving on the tr_sw01 trunk with customer-vid=0 (presumably
# untagged frames, TODO confirm) to VLAN 1.
# NOTE(review): VLAN 1 is the management VLAN in this config (vlan1 has
# comment=mgmt and is bridged into br_mgmt, 172.24.1.91/24). Anything sw01
# forwards untagged on this trunk therefore lands in the management network;
# verify the untagged/native VLAN on sw01, or move management off VLAN 1.
add customer-vid=0 new-customer-vid=1 ports=tr_sw01
add customer-vid=0 new-customer-vid=4 ports=eth1_mteg
/interface ethernet switch vlan
add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=1
add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=10
add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude" vlan-id=42
add ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp11 vlan-id=2
add ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp9_mteg,sfp11 vlan-id=3
add ports="tr_sw01,eth1_mteg,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp11" vlan-id=4
add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=50
add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=51
add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=52
add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=60
add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=90
add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=99
/ip address
add address=172.24.42.91/24 interface=br_robert network=172.24.42.0
add address=172.24.10.91/24 interface=br_server network=172.24.10.0
add address=172.24.1.91/24 interface=br_mgmt network=172.24.1.0
add address=172.24.90.91/24 interface=br_test network=172.24.90.0
add address=172.24.255.91 interface=br_lo network=172.24.255.91
add address=172.24.50.91/24 interface=br_brigitte network=172.24.50.0
add address=172.24.51.91/24 interface=br_tobias network=172.24.51.0
add address=172.24.52.91/24 interface=br_teresa network=172.24.52.0
add address=172.24.60.91/24 interface=br_voip network=172.24.60.0
add address=172.24.99.91/24 interface=br_gast network=172.24.99.0
add address=172.24.0.1/30 interface=sfp9_mteg network=172.24.0.0
add address=172.24.0.25/30 interface=sfp12_mtdude network=172.24.0.24
/ip dhcp-client
# DHCP client on br_robert, which also carries the static address
# 172.24.42.91/24 under /ip address.
# NOTE(review): add-default-route, use-peer-dns and use-peer-ntp are not in the
# export, so they are presumably at their defaults. If those are "yes", whatever
# DHCP server answers on VLAN 42 can supply this router's default route, DNS and
# NTP servers alongside the static ones. Confirm the client is needed here, or
# set those three options to "no".
add dhcp-options=hostname,clientid disabled=no interface=br_robert
/ip dns
set servers=172.24.10.11,172.24.10.12
/ip ipsec identity
# IKE identity for peer1: user-FQDN identity plus pre-shared key, bound to the
# zegowitz policy template group.
# NOTE(review): the pre-shared key is stored in clear in this versioned export.
# Treat it as disclosed: rotate it on both tunnel ends, and create future
# exports with "/export hide-sensitive" or keep the file out of the repository.
# The peer is currently disabled, but the key stays valid on the remote side
# until it is changed there.
add my-id=user-fqdn:einsle@reisert.de peer=peer1 policy-template-group=zegowitz secret="tk94BuK39Pdx1rWtw4kykpaT2Dve(\?wrk6zkew3nvmKh)7cY"
/ip ipsec policy
add dst-address=10.11.2.0/24 group=zegowitz proposal=zegowitz_prop src-address=10.11.2.0/24 template=yes
/ip route
add distance=1 gateway=172.24.1.1
add distance=1 dst-address=172.24.0.0/24 type=blackhole
add distance=1 dst-address=172.24.255.0/24 type=blackhole
/ip service
# Enables the HTTPS web interface with the certificate mt-ke.ke.einsle.de.
# NOTE(review): /system identity names this device mt-kg while the certificate
# is called mt-ke.ke.einsle.de; confirm the certificate's subject matches the
# host name clients actually connect to.
# NOTE(review): only www-ssl and api-ssl are exported, so telnet, ftp, www, api
# and winbox are presumably still at their defaults. Check "/ip service print",
# disable the cleartext services, and set address= to the management subnet.
# NOTE(review): no /ip firewall section appears in this export, so management
# services are presumably reachable on every addressed bridge, including the
# guest network br_gast, unless an upstream device filters that traffic.
set www-ssl certificate=mt-ke.ke.einsle.de disabled=no
set api-ssl certificate=mt-ke.ke.einsle.de
/ip ssh
# SSH server settings: strong-crypto=yes and a 4096-bit host key are hardening
# choices.
# NOTE(review): forwarding-enabled=remote allows SSH users to request remote
# port forwards through this router, which lets an authenticated session relay
# traffic between networks the router can reach. Set it to "no" unless a
# specific workflow depends on it.
set forwarding-enabled=remote host-key-size=4096 strong-crypto=yes
/mpls ldp
set lsr-id=172.24.255.91 transport-address=172.24.255.91
/routing bgp peer
# iBGP session to mt-bu (remote-as 65000 equals the local AS set under
# /routing bgp instance), sourced from the loopback bridge br_lo, with
# route-reflect=yes.
# NOTE(review): no tcp-md5-key is exported for this peer or for the mt-dude
# peer that follows, so both sessions are presumably unauthenticated. Setting a
# tcp-md5-key on both ends protects the sessions against spoofed TCP segments
# from inside the 172.24.0.0/16 network.
add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 name=mt-bu remote-address=172.24.255.94 remote-as=65000 route-reflect=yes ttl=default update-source=br_lo
add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 name=mt-dude remote-address=172.24.255.89 remote-as=65000 route-reflect=yes ttl=default update-source=br_lo
/routing ospf network
add area=backbone network=172.24.255.91/32
# Runs OSPF (backbone area) on the management subnet 172.24.1.0/24.
# NOTE(review): no /routing ospf interface section is exported, so interface
# authentication is presumably at its default (none). A host on the management
# VLAN could then form an adjacency and inject routes. Add an interface entry
# with authentication=md5 and an authentication-key, and passive=yes on
# interfaces where no OSPF neighbour is expected.
add area=backbone network=172.24.1.0/24
/snmp
set contact="Robert Einsle <robert@einsle.de>" enabled=yes location="Kempten, Netzwerkschrank Keller"
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=mt-kg
/system ntp client
set enabled=yes primary-ntp=172.24.10.11 secondary-ntp=172.24.10.12
/system upgrade upgrade-package-source
# Package source for upgrades: the router at 172.24.1.89, accessed as "admin".
# NOTE(review): this ties firmware retrieval to the full-privilege admin account
# of another router. No password appears in the export, so it is presumably
# stored outside it; prefer a dedicated account on the source router with only
# the rights needed to serve packages.
add address=172.24.1.89 user=admin
/tool bandwidth-server
# NOTE(review): authenticate=no lets any host that can reach this router start a
# bandwidth test without credentials, which can saturate links and the switch
# CPU. "enabled" is not exported, so the server is presumably on (the default);
# set authenticate=yes, or enabled=no outside planned test windows.
set authenticate=no
/tool romon
# Enables RoMON with a fixed id (the same MAC as br_lan's admin-mac) and a
# shared secret.
# NOTE(review): the RoMON secret is stored in clear in this versioned export and
# is short. RoMON gives management reachability at layer 2, independent of IP
# addressing, so the secret should be treated as disclosed: rotate it on every
# RoMON participant, choose a longer value, export with "/export hide-sensitive",
# and restrict RoMON to the ports that need it under "/tool romon port".
set enabled=yes id=6C:3B:6B:3C:0D:7C secrets=78f244b59c