config/mikrotik/mt-dude.ke.einsle.de

#        routerboard: yes
#         board-name: hEX
#              model: RouterBOARD 750G r3
#      serial-number: 6F3806DF15CA
#      firmware-type: mt7621L
#   factory-firmware: 3.34
#   current-firmware: 6.45.3
#   upgrade-firmware: 6.45.3
# 
#             channel: stable
#   installed-version: 6.45.3
#      latest-version: 6.45.3
#              status: System is already up to date
# 
# Flags: U - undoable, R - redoable, F - floating-undo 
#   ACTION                                   BY               POLICY             
# 
# software id = QCYC-SED2
#
# model = RouterBOARD 750G r3
# serial number = 6F3806DF15CA
/caps-man channel
add band=5ghz-onlyac name=chan_ke_5
add band=2ghz-g/n name=chan_ke_2
/interface bridge
add fast-forward=no name=br_brigitte protocol-mode=none
add fast-forward=no name=br_gast protocol-mode=none
add fast-forward=no name=br_lan protocol-mode=none
add fast-forward=no name=br_lo protocol-mode=none
add fast-forward=no name=br_mgmt protocol-mode=none
add fast-forward=no name=br_robert protocol-mode=none
add fast-forward=no name=br_server protocol-mode=none
add fast-forward=no name=br_teresa protocol-mode=none
add fast-forward=no name=br_test protocol-mode=none
add fast-forward=no name=br_tobias protocol-mode=none
add fast-forward=no name=br_voip protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
/interface vlan
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan1 vlan-id=1
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan10 vlan-id=10
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan42 vlan-id=42
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan50 vlan-id=50
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan51 vlan-id=51
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan52 vlan-id=52
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan60 vlan-id=60
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan90 vlan-id=90
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan99 vlan-id=99
/caps-man datapath
add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_radius
add bridge=br_robert client-to-client-forwarding=yes local-forwarding=no name=dp_robert
add bridge=br_brigitte client-to-client-forwarding=yes local-forwarding=no name=dp_brigitte
add bridge=br_tobias client-to-client-forwarding=yes local-forwarding=no name=dp_tobias
add bridge=br_teresa client-to-client-forwarding=yes local-forwarding=no name=dp_teresa
add bridge=br_gast client-to-client-forwarding=no local-forwarding=no name=dp_gast
/caps-man rates
add basic=12Mbps name=rates supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
/caps-man security
add authentication-types=wpa2-eap eap-methods=passthrough encryption=aes-ccm group-encryption=aes-ccm name=sec_radius
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_robert passphrase=DasIstEinTest!
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_brigitte passphrase=aH4duhoo
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_tobias passphrase=eifohk5U
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_teresa passphrase=Em0aiLei
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_gast passphrase=aseeci9oQu8Ooru
/caps-man configuration
add channel=chan_ke_5 country=germany datapath=dp_radius hide-ssid=no mode=ap name=cfg_5_radius rates=rates security=sec_radius ssid=wifis.org/ke/bertling
add channel=chan_ke_5 datapath=dp_robert name=cfg_5_robert rates=rates security=sec_robert ssid=wifis.org/ke/robert
add channel=chan_ke_5 datapath=dp_brigitte name=cfg_5_brigitte rates=rates security=sec_brigitte ssid=wifis.org/ke/brigitte
add channel=chan_ke_5 datapath=dp_tobias name=cfg_5_tobias rates=rates security=sec_tobias ssid=wifis.org/ke/tobias
add channel=chan_ke_5 datapath=dp_teresa name=cfg_5_teresa rates=rates security=sec_teresa ssid=wifis.org/ke/teresa
add channel=chan_ke_5 datapath=dp_gast name=cfg_5_gast rates=rates security=sec_gast ssid=wifis.org/ke/gast
add channel=chan_ke_2 country=germany datapath=dp_radius hide-ssid=no mode=ap name=cfg_2_radius rates=rates security=sec_radius ssid=wifis.org/ke/bertling
add channel=chan_ke_2 datapath=dp_brigitte name=cfg_2_brigitte rates=rates security=sec_brigitte ssid=wifis.org/ke/brigitte
add channel=chan_ke_2 datapath=dp_gast name=cfg_2_gast rates=rates security=sec_gast ssid=wifis.org/ke/gast
add channel=chan_ke_2 datapath=dp_robert name=cfg_2_robert rates=rates security=sec_robert ssid=wifis.org/ke/robert
add channel=chan_ke_2 datapath=dp_teresa name=cfg_2_teresa rates=rates security=sec_teresa ssid=wifis.org/ke/teresa
add channel=chan_ke_2 datapath=dp_tobias name=cfg_2_tobias rates=rates security=sec_tobias ssid=wifis.org/ke/tobias
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=pool_robert ranges=172.24.42.110-172.24.42.200
add name=pool_brigitte ranges=172.24.50.110-172.24.50.200
add name=pool_tobias ranges=172.24.51.110-172.24.51.200
add name=pool_teresa ranges=172.24.52.110-172.24.52.200
/ip dhcp-server
add address-pool=pool_robert authoritative=after-2sec-delay interface=br_robert name=dhcp_robert
add address-pool=pool_brigitte authoritative=after-2sec-delay interface=br_brigitte name=dhcp_brigitte
add address-pool=pool_tobias authoritative=after-2sec-delay interface=br_tobias name=dhcp_tobias
add address-pool=pool_teresa authoritative=after-2sec-delay interface=br_teresa name=dhcp_teresa
/routing bgp instance
set default as=65000 client-to-client-reflection=no router-id=172.24.255.89
/routing ospf instance
set [ find default=yes ] redistribute-connected=as-type-1 router-id=172.24.255.89
/snmp community
set [ find default=yes ] addresses=172.24.1.0/24,172.24.10.0/24 authentication-protocol=SHA1 encryption-protocol=AES name=jie6Wao5weeSahs
add addresses=172.24.1.0/24,172.24.10.0/24 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private
add addresses=172.24.10.0/24 name=public
/caps-man manager
set ca-certificate=auto certificate=mt-dude.ke.einsle.de enabled=yes upgrade-policy=suggest-same-version
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=ac,an master-configuration=cfg_5_radius name-format=prefix-identity name-prefix=cap-5- slave-configurations=cfg_5_robert,cfg_5_brigitte,cfg_5_tobias,cfg_5_teresa,cfg_5_gast
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=cfg_2_radius name-format=prefix-identity name-prefix=cap-2- slave-configurations=cfg_2_robert,cfg_2_brigitte,cfg_2_tobias,cfg_2_teresa,cfg_2_gast
/dude
set data-directory=disk1 enabled=yes
/interface bridge port
add bridge=br_mgmt interface=vlan1
add bridge=br_server interface=vlan10
add bridge=br_robert interface=vlan42
add bridge=br_brigitte interface=vlan50
add bridge=br_tobias interface=vlan51
add bridge=br_teresa interface=vlan52
add bridge=br_voip interface=vlan60
add bridge=br_test interface=vlan90
add bridge=br_gast interface=vlan99
add bridge=br_lan interface=ether1
/interface ethernet switch vlan
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=1
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=10
add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=42
add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=50
add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=51
add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=52
add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=60
add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=90
add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=99
/ip address
add address=172.24.42.89/24 interface=br_robert network=172.24.42.0
add address=172.24.1.89/24 interface=br_mgmt network=172.24.1.0
add address=172.24.10.89/24 interface=br_server network=172.24.10.0
add address=172.24.52.89/24 interface=br_teresa network=172.24.52.0
add address=172.24.50.89/24 interface=br_brigitte network=172.24.50.0
add address=172.24.51.89/24 interface=br_tobias network=172.24.51.0
add address=172.24.255.89 interface=br_lo network=172.24.255.89
add address=172.24.0.26/30 interface=ether1 network=172.24.0.24
add address=172.24.60.89/24 interface=br_voip network=172.24.60.0
/ip dhcp-server network
add address=172.24.42.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.42.2 netmask=24
add address=172.24.50.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.50.2 netmask=24
add address=172.24.51.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.51.2 netmask=24
add address=172.24.52.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.52.2 netmask=24
/ip dns
set servers=172.24.10.11,172.24.10.12
/ip route
add distance=1 gateway=172.24.1.1
/ip smb shares
set [ find default=yes ] directory=/pub
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/mpls ldp
set lsr-id=172.24.255.89 transport-address=172.24.255.89
/mpls ldp interface
add disabled=yes interface=ether1
/radius
add address=172.24.10.25 disabled=yes domain=wlan.ke.einsle.de secret=zu6OhMe8ien5 service=wireless timeout=1s
add address=172.24.42.109 domain=ke.einsle.de secret=ni.xd.ol service=wireless timeout=1s
/routing bgp peer
add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 name=mt-kg remote-address=172.24.255.91 remote-as=65000 ttl=default update-source=br_lo
/routing ospf network
add area=backbone network=172.24.255.89/32
add area=backbone network=172.24.0.24/30
add area=backbone network=172.24.1.0/24
/snmp
set contact="Robert Einsle <robert@einsle.de>" enabled=yes location="Kempten, Keller"
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=mt-dude
/system ntp client
set enabled=yes primary-ntp=172.24.10.13 secondary-ntp=172.24.10.12
/system resource irq rps
set ether1 disabled=no
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
/system scheduler
add interval=1d name=backup on-event="/system backup save name=mt-dude" policy=write start-date=oct/02/2017 start-time=00:00:00
/tool romon
set enabled=yes id=6C:3B:6B:88:34:48 secrets=78f244b59c
update mikrotik/mt-dude.ke.einsle.de 2019-07-04 13:21:09 +02:00			`# routerboard: yes`
			`# board-name: hEX`
			`# model: RouterBOARD 750G r3`
			`# serial-number: 6F3806DF15CA`
			`# firmware-type: mt7621L`
			`# factory-firmware: 3.34`
update mikrotik/mt-dude.ke.einsle.de 2019-08-03 12:00:50 +02:00			`# current-firmware: 6.45.3`
			`# upgrade-firmware: 6.45.3`
update mikrotik/mt-dude.ke.einsle.de 2019-07-04 13:21:09 +02:00			`#`
			`# channel: stable`
update mikrotik/mt-dude.ke.einsle.de 2019-08-03 12:00:50 +02:00			`# installed-version: 6.45.3`
update mikrotik/mt-dude.ke.einsle.de 2019-08-09 07:06:32 +02:00			`# latest-version: 6.45.3`
			`# status: System is already up to date`
update mikrotik/mt-dude.ke.einsle.de 2019-07-04 13:21:09 +02:00			`#`
			`# Flags: U - undoable, R - redoable, F - floating-undo`
			`# ACTION BY POLICY`
			`#`
			`# software id = QCYC-SED2`
			`#`
			`# model = RouterBOARD 750G r3`
			`# serial number = 6F3806DF15CA`
			`/caps-man channel`
			`add band=5ghz-onlyac name=chan_ke_5`
			`add band=2ghz-g/n name=chan_ke_2`
			`/interface bridge`
			`add fast-forward=no name=br_brigitte protocol-mode=none`
			`add fast-forward=no name=br_gast protocol-mode=none`
			`add fast-forward=no name=br_lan protocol-mode=none`
			`add fast-forward=no name=br_lo protocol-mode=none`
			`add fast-forward=no name=br_mgmt protocol-mode=none`
			`add fast-forward=no name=br_robert protocol-mode=none`
			`add fast-forward=no name=br_server protocol-mode=none`
			`add fast-forward=no name=br_teresa protocol-mode=none`
			`add fast-forward=no name=br_test protocol-mode=none`
			`add fast-forward=no name=br_tobias protocol-mode=none`
			`add fast-forward=no name=br_voip protocol-mode=none`
			`/interface ethernet`
			`set [ find default-name=ether1 ] speed=100Mbps`
			`set [ find default-name=ether2 ] speed=100Mbps`
			`set [ find default-name=ether3 ] speed=100Mbps`
			`set [ find default-name=ether4 ] speed=100Mbps`
			`set [ find default-name=ether5 ] speed=100Mbps`
			`/interface vlan`
			`add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan1 vlan-id=1`
			`add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan10 vlan-id=10`
			`add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan42 vlan-id=42`
			`add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan50 vlan-id=50`
			`add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan51 vlan-id=51`
			`add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan52 vlan-id=52`
			`add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan60 vlan-id=60`
			`add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan90 vlan-id=90`
			`add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan99 vlan-id=99`
			`/caps-man datapath`
			`add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_radius`
			`add bridge=br_robert client-to-client-forwarding=yes local-forwarding=no name=dp_robert`
			`add bridge=br_brigitte client-to-client-forwarding=yes local-forwarding=no name=dp_brigitte`
			`add bridge=br_tobias client-to-client-forwarding=yes local-forwarding=no name=dp_tobias`
			`add bridge=br_teresa client-to-client-forwarding=yes local-forwarding=no name=dp_teresa`
			`add bridge=br_gast client-to-client-forwarding=no local-forwarding=no name=dp_gast`
			`/caps-man rates`
			`add basic=12Mbps name=rates supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps`
			`/caps-man security`
			`add authentication-types=wpa2-eap eap-methods=passthrough encryption=aes-ccm group-encryption=aes-ccm name=sec_radius`
			`add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_robert passphrase=DasIstEinTest!`
			`add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_brigitte passphrase=aH4duhoo`
			`add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_tobias passphrase=eifohk5U`
			`add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_teresa passphrase=Em0aiLei`
			`add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_gast passphrase=aseeci9oQu8Ooru`
			`/caps-man configuration`
			`add channel=chan_ke_5 country=germany datapath=dp_radius hide-ssid=no mode=ap name=cfg_5_radius rates=rates security=sec_radius ssid=wifis.org/ke/bertling`
			`add channel=chan_ke_5 datapath=dp_robert name=cfg_5_robert rates=rates security=sec_robert ssid=wifis.org/ke/robert`
			`add channel=chan_ke_5 datapath=dp_brigitte name=cfg_5_brigitte rates=rates security=sec_brigitte ssid=wifis.org/ke/brigitte`
			`add channel=chan_ke_5 datapath=dp_tobias name=cfg_5_tobias rates=rates security=sec_tobias ssid=wifis.org/ke/tobias`
			`add channel=chan_ke_5 datapath=dp_teresa name=cfg_5_teresa rates=rates security=sec_teresa ssid=wifis.org/ke/teresa`
			`add channel=chan_ke_5 datapath=dp_gast name=cfg_5_gast rates=rates security=sec_gast ssid=wifis.org/ke/gast`
			`add channel=chan_ke_2 country=germany datapath=dp_radius hide-ssid=no mode=ap name=cfg_2_radius rates=rates security=sec_radius ssid=wifis.org/ke/bertling`
			`add channel=chan_ke_2 datapath=dp_brigitte name=cfg_2_brigitte rates=rates security=sec_brigitte ssid=wifis.org/ke/brigitte`
			`add channel=chan_ke_2 datapath=dp_gast name=cfg_2_gast rates=rates security=sec_gast ssid=wifis.org/ke/gast`
			`add channel=chan_ke_2 datapath=dp_robert name=cfg_2_robert rates=rates security=sec_robert ssid=wifis.org/ke/robert`
			`add channel=chan_ke_2 datapath=dp_teresa name=cfg_2_teresa rates=rates security=sec_teresa ssid=wifis.org/ke/teresa`
			`add channel=chan_ke_2 datapath=dp_tobias name=cfg_2_tobias rates=rates security=sec_tobias ssid=wifis.org/ke/tobias`
			`/interface wireless security-profiles`
			`set [ find default=yes ] supplicant-identity=MikroTik`
			`/ip hotspot profile`
			`set [ find default=yes ] html-directory=flash/hotspot`
			`/ip pool`
			`add name=pool_robert ranges=172.24.42.110-172.24.42.200`
			`add name=pool_brigitte ranges=172.24.50.110-172.24.50.200`
			`add name=pool_tobias ranges=172.24.51.110-172.24.51.200`
			`add name=pool_teresa ranges=172.24.52.110-172.24.52.200`
			`/ip dhcp-server`
			`add address-pool=pool_robert authoritative=after-2sec-delay interface=br_robert name=dhcp_robert`
			`add address-pool=pool_brigitte authoritative=after-2sec-delay interface=br_brigitte name=dhcp_brigitte`
			`add address-pool=pool_tobias authoritative=after-2sec-delay interface=br_tobias name=dhcp_tobias`
			`add address-pool=pool_teresa authoritative=after-2sec-delay interface=br_teresa name=dhcp_teresa`
			`/routing bgp instance`
			`set default as=65000 client-to-client-reflection=no router-id=172.24.255.89`
			`/routing ospf instance`
			`set [ find default=yes ] redistribute-connected=as-type-1 router-id=172.24.255.89`
			`/snmp community`
			`set [ find default=yes ] addresses=172.24.1.0/24,172.24.10.0/24 authentication-protocol=SHA1 encryption-protocol=AES name=jie6Wao5weeSahs`
			`add addresses=172.24.1.0/24,172.24.10.0/24 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private`
			`add addresses=172.24.10.0/24 name=public`
			`/caps-man manager`
			`set ca-certificate=auto certificate=mt-dude.ke.einsle.de enabled=yes upgrade-policy=suggest-same-version`
			`/caps-man provisioning`
			`add action=create-dynamic-enabled hw-supported-modes=ac,an master-configuration=cfg_5_radius name-format=prefix-identity name-prefix=cap-5- slave-configurations=cfg_5_robert,cfg_5_brigitte,cfg_5_tobias,cfg_5_teresa,cfg_5_gast`
			`add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=cfg_2_radius name-format=prefix-identity name-prefix=cap-2- slave-configurations=cfg_2_robert,cfg_2_brigitte,cfg_2_tobias,cfg_2_teresa,cfg_2_gast`
			`/dude`
			`set data-directory=disk1 enabled=yes`
			`/interface bridge port`
			`add bridge=br_mgmt interface=vlan1`
			`add bridge=br_server interface=vlan10`
			`add bridge=br_robert interface=vlan42`
			`add bridge=br_brigitte interface=vlan50`
			`add bridge=br_tobias interface=vlan51`
			`add bridge=br_teresa interface=vlan52`
			`add bridge=br_voip interface=vlan60`
			`add bridge=br_test interface=vlan90`
			`add bridge=br_gast interface=vlan99`
			`add bridge=br_lan interface=ether1`
			`/interface ethernet switch vlan`
			`add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=1`
			`add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=10`
			`add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=42`
			`add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=50`
			`add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=51`
			`add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=52`
			`add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=60`
			`add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=90`
			`add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=99`
			`/ip address`
			`add address=172.24.42.89/24 interface=br_robert network=172.24.42.0`
			`add address=172.24.1.89/24 interface=br_mgmt network=172.24.1.0`
			`add address=172.24.10.89/24 interface=br_server network=172.24.10.0`
			`add address=172.24.52.89/24 interface=br_teresa network=172.24.52.0`
			`add address=172.24.50.89/24 interface=br_brigitte network=172.24.50.0`
			`add address=172.24.51.89/24 interface=br_tobias network=172.24.51.0`
			`add address=172.24.255.89 interface=br_lo network=172.24.255.89`
			`add address=172.24.0.26/30 interface=ether1 network=172.24.0.24`
			`add address=172.24.60.89/24 interface=br_voip network=172.24.60.0`
			`/ip dhcp-server network`
			`add address=172.24.42.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.42.2 netmask=24`
			`add address=172.24.50.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.50.2 netmask=24`
			`add address=172.24.51.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.51.2 netmask=24`
			`add address=172.24.52.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.52.2 netmask=24`
			`/ip dns`
			`set servers=172.24.10.11,172.24.10.12`
			`/ip route`
			`add distance=1 gateway=172.24.1.1`
			`/ip smb shares`
			`set [ find default=yes ] directory=/pub`
			`/ip ssh`
			`set allow-none-crypto=yes forwarding-enabled=remote`
			`/mpls ldp`
			`set lsr-id=172.24.255.89 transport-address=172.24.255.89`
			`/mpls ldp interface`
			`add disabled=yes interface=ether1`
			`/radius`
			`add address=172.24.10.25 disabled=yes domain=wlan.ke.einsle.de secret=zu6OhMe8ien5 service=wireless timeout=1s`
			`add address=172.24.42.109 domain=ke.einsle.de secret=ni.xd.ol service=wireless timeout=1s`
			`/routing bgp peer`
			`add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 name=mt-kg remote-address=172.24.255.91 remote-as=65000 ttl=default update-source=br_lo`
			`/routing ospf network`
			`add area=backbone network=172.24.255.89/32`
			`add area=backbone network=172.24.0.24/30`
			`add area=backbone network=172.24.1.0/24`
			`/snmp`
			`set contact="Robert Einsle <robert@einsle.de>" enabled=yes location="Kempten, Keller"`
			`/system clock`
			`set time-zone-name=Europe/Berlin`
			`/system identity`
			`set name=mt-dude`
			`/system ntp client`
			`set enabled=yes primary-ntp=172.24.10.13 secondary-ntp=172.24.10.12`
			`/system resource irq rps`
			`set ether1 disabled=no`
			`set ether2 disabled=no`
			`set ether3 disabled=no`
			`set ether4 disabled=no`
			`set ether5 disabled=no`
			`/system scheduler`
			`add interval=1d name=backup on-event="/system backup save name=mt-dude" policy=write start-date=oct/02/2017 start-time=00:00:00`
			`/tool romon`
			`set enabled=yes id=6C:3B:6B:88:34:48 secrets=78f244b59c`