config/mikrotik/mt-wap.ke.einsle.de

#        routerboard: yes
#         board-name: wAP ac
#              model: RouterBOARD wAP G-5HacT2HnD
#      serial-number: 69A50527A67C
#      firmware-type: qca9550L
#   factory-firmware: 3.31
#   current-firmware: 6.45.3
#   upgrade-firmware: 6.45.3
# 
#             channel: stable
#   installed-version: 6.45.3
# 
# Flags: U - undoable, R - redoable, F - floating-undo 
#   ACTION                                   BY               POLICY             
# 
# software id = 0ABG-FSCM
#
# model = RouterBOARD wAP G-5HacT2HnD
# serial number = 69A50527A67C
/interface bridge
add fast-forward=no name=br_vlan42 protocol-mode=none
add fast-forward=no name=br_vlan50 protocol-mode=none
add fast-forward=no name=br_vlan51 protocol-mode=none
add fast-forward=no name=br_vlan52 protocol-mode=none
add fast-forward=no name=br_vlan99 protocol-mode=none
add fast-forward=no name=br_wlan protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
/interface wireless
# managed by CAPsMAN
# channel: 2412/20/gn(10dBm), SSID: wifis.org/ke/bertling, CAPsMAN forwarding
set [ find default-name=wlan1 ] ssid=MikroTik
/interface vlan
add interface=br_wlan loop-protect-disable-time=0s loop-protect-send-interval=0s name=br_wlan_vlan42 vlan-id=42
add interface=br_wlan loop-protect-disable-time=0s loop-protect-send-interval=0s name=br_wlan_vlan50 vlan-id=50
add interface=br_wlan loop-protect-disable-time=0s loop-protect-send-interval=0s name=br_wlan_vlan51 vlan-id=51
add interface=br_wlan loop-protect-disable-time=0s loop-protect-send-interval=0s name=br_wlan_vlan52 vlan-id=52
add interface=br_wlan loop-protect-disable-time=0s loop-protect-send-interval=0s name=br_wlan_vlan99 vlan-id=99
add interface=ether1 name=vlan1 vlan-id=1
add interface=ether1 name=vlan10 vlan-id=10
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan15 vlan-id=15
add interface=ether1 name=vlan42 vlan-id=42
add interface=ether1 name=vlan50 vlan-id=50
add interface=ether1 name=vlan51 vlan-id=51
add interface=ether1 name=vlan52 vlan-id=52
add interface=ether1 name=vlan99 vlan-id=99
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-eap management-protection=allowed mode=dynamic-keys name=sec_radius radius-mac-accounting=yes radius-mac-authentication=yes radius-mac-mode=as-username-and-password supplicant-identity=mt-wap
/interface wireless
# managed by CAPsMAN
# channel: 5180/20/ac(18dBm), SSID: wifis.org/ke/bertling, CAPsMAN forwarding
set [ find default-name=wlan2 ] antenna-gain=2 band=5ghz-a/n/ac channel-width=20/40/80mhz-eeeC country=germany frequency=auto frequency-mode=regulatory-domain security-profile=sec_radius ssid=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/routing ospf instance
set [ find default=yes ] disabled=yes
/snmp community
set [ find default=yes ] addresses=172.24.0.0/16 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=jie6Wao5weeSahs
add addresses=172.24.1.0/24,172.24.10.0/24 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private
/interface bridge port
add bridge=br_vlan42 interface=br_wlan_vlan42
add bridge=br_vlan42 interface=vlan42
add bridge=br_vlan50 interface=br_wlan_vlan50
add bridge=br_vlan50 interface=vlan50
add bridge=br_vlan51 interface=br_wlan_vlan51
add bridge=br_vlan51 interface=vlan51
add bridge=br_vlan52 interface=br_wlan_vlan52
add bridge=br_vlan52 interface=vlan52
add bridge=br_vlan99 interface=br_wlan_vlan99
add bridge=br_vlan99 interface=vlan99
/interface wireless cap
# 
set bridge=br_wlan caps-man-addresses=172.24.1.97 enabled=yes interfaces=wlan1,wlan2
/ip address
add address=172.24.1.92/24 interface=vlan1 network=172.24.1.0
add address=172.24.10.92/24 interface=vlan10 network=172.24.10.0
add address=172.24.42.92/24 interface=vlan42 network=172.24.42.0
add address=172.24.15.92/24 interface=vlan15 network=172.24.15.0
/ip dns
set servers=172.24.10.11,172.24.10.12
/ip route
add distance=1 gateway=172.24.1.1
/ip smb shares
set [ find default=yes ] directory=/pub
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/radius
add address=172.24.10.16 secret=Ofooza9fugee service=wireless
/snmp
set contact="Robert Einsle" enabled=yes location="Kempten, Keller Flur"
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=mt-wap
/system ntp client
set enabled=yes primary-ntp=172.24.10.13 secondary-ntp=172.24.10.12
/tool romon
set enabled=yes id=E4:8D:8C:4B:30:74 secrets=78f244b59c
update mikrotik/mt-wap.ke.einsle.de 2019-07-04 13:23:47 +02:00			`# routerboard: yes`
			`# board-name: wAP ac`
			`# model: RouterBOARD wAP G-5HacT2HnD`
			`# serial-number: 69A50527A67C`
			`# firmware-type: qca9550L`
			`# factory-firmware: 3.31`
update mikrotik/mt-wap.ke.einsle.de 2019-08-03 12:27:48 +02:00			`# current-firmware: 6.45.3`
			`# upgrade-firmware: 6.45.3`
update mikrotik/mt-wap.ke.einsle.de 2019-07-04 13:23:47 +02:00			`#`
			`# channel: stable`
update mikrotik/mt-wap.ke.einsle.de 2019-08-03 12:27:48 +02:00			`# installed-version: 6.45.3`
update mikrotik/mt-wap.ke.einsle.de 2019-07-04 13:23:47 +02:00			`#`
			`# Flags: U - undoable, R - redoable, F - floating-undo`
			`# ACTION BY POLICY`
			`#`
			`# software id = 0ABG-FSCM`
			`#`
			`# model = RouterBOARD wAP G-5HacT2HnD`
			`# serial number = 69A50527A67C`
			`/interface bridge`
			`add fast-forward=no name=br_vlan42 protocol-mode=none`
			`add fast-forward=no name=br_vlan50 protocol-mode=none`
			`add fast-forward=no name=br_vlan51 protocol-mode=none`
			`add fast-forward=no name=br_vlan52 protocol-mode=none`
			`add fast-forward=no name=br_vlan99 protocol-mode=none`
			`add fast-forward=no name=br_wlan protocol-mode=none`
			`/interface ethernet`
			`set [ find default-name=ether1 ] speed=100Mbps`
			`/interface wireless`
			`# managed by CAPsMAN`
			`# channel: 2412/20/gn(10dBm), SSID: wifis.org/ke/bertling, CAPsMAN forwarding`
			`set [ find default-name=wlan1 ] ssid=MikroTik`
			`/interface vlan`
			`add interface=br_wlan loop-protect-disable-time=0s loop-protect-send-interval=0s name=br_wlan_vlan42 vlan-id=42`
			`add interface=br_wlan loop-protect-disable-time=0s loop-protect-send-interval=0s name=br_wlan_vlan50 vlan-id=50`
			`add interface=br_wlan loop-protect-disable-time=0s loop-protect-send-interval=0s name=br_wlan_vlan51 vlan-id=51`
			`add interface=br_wlan loop-protect-disable-time=0s loop-protect-send-interval=0s name=br_wlan_vlan52 vlan-id=52`
			`add interface=br_wlan loop-protect-disable-time=0s loop-protect-send-interval=0s name=br_wlan_vlan99 vlan-id=99`
			`add interface=ether1 name=vlan1 vlan-id=1`
			`add interface=ether1 name=vlan10 vlan-id=10`
			`add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan15 vlan-id=15`
			`add interface=ether1 name=vlan42 vlan-id=42`
			`add interface=ether1 name=vlan50 vlan-id=50`
			`add interface=ether1 name=vlan51 vlan-id=51`
			`add interface=ether1 name=vlan52 vlan-id=52`
			`add interface=ether1 name=vlan99 vlan-id=99`
			`/interface wireless security-profiles`
			`set [ find default=yes ] supplicant-identity=MikroTik`
			`add authentication-types=wpa2-eap management-protection=allowed mode=dynamic-keys name=sec_radius radius-mac-accounting=yes radius-mac-authentication=yes radius-mac-mode=as-username-and-password supplicant-identity=mt-wap`
			`/interface wireless`
			`# managed by CAPsMAN`
			`# channel: 5180/20/ac(18dBm), SSID: wifis.org/ke/bertling, CAPsMAN forwarding`
			`set [ find default-name=wlan2 ] antenna-gain=2 band=5ghz-a/n/ac channel-width=20/40/80mhz-eeeC country=germany frequency=auto frequency-mode=regulatory-domain security-profile=sec_radius ssid=MikroTik`
			`/ip hotspot profile`
			`set [ find default=yes ] html-directory=flash/hotspot`
			`/routing ospf instance`
			`set [ find default=yes ] disabled=yes`
			`/snmp community`
			`set [ find default=yes ] addresses=172.24.0.0/16 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=jie6Wao5weeSahs`
			`add addresses=172.24.1.0/24,172.24.10.0/24 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private`
			`/interface bridge port`
			`add bridge=br_vlan42 interface=br_wlan_vlan42`
			`add bridge=br_vlan42 interface=vlan42`
			`add bridge=br_vlan50 interface=br_wlan_vlan50`
			`add bridge=br_vlan50 interface=vlan50`
			`add bridge=br_vlan51 interface=br_wlan_vlan51`
			`add bridge=br_vlan51 interface=vlan51`
			`add bridge=br_vlan52 interface=br_wlan_vlan52`
			`add bridge=br_vlan52 interface=vlan52`
			`add bridge=br_vlan99 interface=br_wlan_vlan99`
			`add bridge=br_vlan99 interface=vlan99`
			`/interface wireless cap`
			`#`
			`set bridge=br_wlan caps-man-addresses=172.24.1.97 enabled=yes interfaces=wlan1,wlan2`
			`/ip address`
			`add address=172.24.1.92/24 interface=vlan1 network=172.24.1.0`
			`add address=172.24.10.92/24 interface=vlan10 network=172.24.10.0`
			`add address=172.24.42.92/24 interface=vlan42 network=172.24.42.0`
			`add address=172.24.15.92/24 interface=vlan15 network=172.24.15.0`
			`/ip dns`
			`set servers=172.24.10.11,172.24.10.12`
			`/ip route`
			`add distance=1 gateway=172.24.1.1`
			`/ip smb shares`
			`set [ find default=yes ] directory=/pub`
			`/ip ssh`
			`set allow-none-crypto=yes forwarding-enabled=remote`
			`/radius`
			`add address=172.24.10.16 secret=Ofooza9fugee service=wireless`
			`/snmp`
			`set contact="Robert Einsle" enabled=yes location="Kempten, Keller Flur"`
			`/system clock`
			`set time-zone-name=Europe/Berlin`
			`/system identity`
			`set name=mt-wap`
			`/system ntp client`
			`set enabled=yes primary-ntp=172.24.10.13 secondary-ntp=172.24.10.12`
			`/tool romon`
			`set enabled=yes id=E4:8D:8C:4B:30:74 secrets=78f244b59c`