From 11bbae8746d9c1ae16bc563f865792a7c95f1534 Mon Sep 17 00:00:00 2001
From: oxidized
Date: Sun, 15 Dec 2019 14:21:26 +0100
Subject: [PATCH] update mikrotik/mt-eg.ke.einsle.de
---
 mikrotik/mt-eg.ke.einsle.de | 45 ++++++++++++++++++++++++++++---------
 1 file changed, 34 insertions(+), 11 deletions(-)
diff --git a/mikrotik/mt-eg.ke.einsle.de b/mikrotik/mt-eg.ke.einsle.de
index 0e24b3a..cea0bc7 100644
--- a/mikrotik/mt-eg.ke.einsle.de
+++ b/mikrotik/mt-eg.ke.einsle.de
@@ -14,10 +14,16 @@
 #
 # Flags: U - undoable, R - redoable, F - floating-undo
 # ACTION BY POLICY
-# U SNTP client configuration changed admin write
-# U changed snmp settings admin write
-# U dns changed admin write
-# U route added admin write
+# U filter rule changed admin write
+# U filter rule added admin write
+# U filter rule changed admin write
+# U filter rule added admin write
+# U filter rule added admin write
+# U filter rule added admin write
+# U device changed admin write
+# U device changed admin write
+# U device changed admin write
+# U bridge port changed admin write
 #
 # software id = BJZX-XMI3
 #
@@ -25,6 +31,10 @@
 # serial number = 673706FE47BB
 /interface bridge
 add name=br_lan protocol-mode=none vlan-filtering=yes
+/interface ethernet
+set [ find default-name=ether1 ] name=ether1_kg
+set [ find default-name=ether2 ] name=ether2_homematic
+set [ find default-name=sfp1 ] name=sfp1_kg
 /interface wireless
 # managed by CAPsMAN
 # channel: 2412/20/gn(10dBm), SSID: wifis.org/ke/bertling, CAPsMAN forwarding
@@ -41,16 +51,20 @@ set [ find default=yes ] supplicant-identity=MikroTik
 /ip hotspot profile
 set [ find default=yes ] html-directory=flash/hotspot
 /interface bridge port
-add bridge=br_lan interface=sfp1
-add bridge=br_lan interface=ether1
-add bridge=br_lan interface=ether2
-add bridge=br_lan interface=ether3
+add bridge=br_lan interface=sfp1_kg
+add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether1_kg
+add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether2_homematic pvid=60
+add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=10
 add bridge=br_lan interface=ether4
 add bridge=br_lan interface=ether5
 /interface bridge vlan
-add bridge=br_lan tagged=br_lan,sfp1,ether1,vlan1 vlan-ids=1
-add bridge=br_lan tagged=br_lan,sfp1,ether1,vlan10 vlan-ids=10
-add bridge=br_lan tagged=br_lan,sfp1,ether1,vlan42 vlan-ids=42
+add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg,vlan1 vlan-ids=1
+add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg,vlan10 untagged=ether3 vlan-ids=10
+add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg,vlan42 vlan-ids=42
+add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg vlan-ids=50
+add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg vlan-ids=51
+add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg vlan-ids=52
+add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg untagged=ether2_homematic vlan-ids=60
 /interface wireless cap
 #
 set discovery-interfaces=vlan1 enabled=yes interfaces=wlan1,wlan2
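Review bot: The new `/interface bridge port` lines set `frame-types` on ether1_kg, ether2_homematic and ether3, but `sfp1_kg`, `ether4` and `ether5` stay at their defaults and no port shows `ingress-filtering=yes`. An export prints only non-default values, so on RouterOS releases where ingress filtering defaults to off (v6, as far as I know) these ports would still accept frames tagged for VLANs they are not members of. ether4/ether5 presumably also land untagged in VLAN 1, which the cap section uses for CAPsMAN discovery. I would add `ingress-filtering=yes` to every port, give sfp1_kg `frame-types=admit-only-vlan-tagged` like ether1_kg unless it is meant to be a hybrid port, and either set an explicit access `pvid` on ether4/ether5 or disable them if unused. `br_lan` is also listed as tagged for VLANs 50, 51, 52 and 60 although the visible hunks show no router interface or address in them; dropping it there, if nothing on the router needs those VLANs, keeps them away from the CPU port.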
@@ -60,10 +74,19 @@ add address=172.24.10.93/24 interface=vlan10 network=172.24.10.0
 add address=172.24.42.93/24 interface=vlan42 network=172.24.42.0
 /ip dns
 set servers=172.24.10.11,172.24.10.12
+/ip firewall filter
+add action=accept chain=input comment="accept established, related" connection-state=established,related
+add action=drop chain=input comment="drop invalid" connection-state=invalid log=yes
+add action=accept chain=forward comment="accept established, related" connection-state=established,related
+add action=drop chain=forward comment="drop invalid" connection-state=invalid log=yes
 /ip route
 add distance=1 gateway=172.24.1.1
+/ip ssh
+set host-key-size=4096 strong-crypto=yes
 /snmp
 set contact=admin@einsle.de location=Kempten
+/system clock
+set time-zone-name=Europe/Berlin
 /system identity
 set name=mt-eg
 /system ntp client
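Review bot: The four `/ip firewall filter` rules only accept established/related and drop invalid; nothing after them restricts new connections, and because RouterOS accepts packets that match no rule, every VLAN with an address on this device (vlan10 and vlan42 are visible here) can still reach SSH, SNMP and the other management services. I would end the input chain with an allow rule for the management source and a final drop, e.g. `add action=accept chain=input src-address=<MGMT_SUBNET> comment="mgmt"` followed by `add action=drop chain=input comment="drop all else" log=yes`, applied in safe mode so a mistake does not lock the device out. The forward rules see only routed traffic unless the bridge setting `use-ip-firewall` is enabled, so they do not police frames switched inside br_lan. For `/ip ssh set host-key-size=4096`, the existing host key likely keeps its old size until it is regenerated with `/ip ssh regenerate-host-key`, which is worth confirming on the device.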