From 90fde6a89347479a86407fce101d915b375af163 Mon Sep 17 00:00:00 2001 From: reinsle Date: Thu, 4 Jul 2019 12:12:23 +0200 Subject: [PATCH] =?UTF-8?q?=E2=80=9Emt-kg.ke.einsle.de=E2=80=9C=20l=C3=B6s?= =?UTF-8?q?chen?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- mt-kg.ke.einsle.de | 189 --------------------------------------------- 1 file changed, 189 deletions(-) delete mode 100644 mt-kg.ke.einsle.de diff --git a/mt-kg.ke.einsle.de b/mt-kg.ke.einsle.de deleted file mode 100644 index 32b93af..0000000 --- a/mt-kg.ke.einsle.de +++ /dev/null @@ -1,189 +0,0 @@ -# routerboard: yes -# model: CRS112-8G-4S -# serial-number: 6CFA0698D051 -# firmware-type: qca8513L -# factory-firmware: 3.23 -# current-firmware: 6.45.1 -# upgrade-firmware: 6.45.1 -# -# channel: stable -# installed-version: 6.45.1 -# -# Flags: U - undoable, R - redoable, F - floating-undo -# ACTION BY POLICY -# U user oxidized added admin write -# policy -# -# software id = U6BB-XKEI -# -# model = CRS112-8G-4S -# serial number = 6CFA0698D051 -/interface bridge -add name=br_brigitte protocol-mode=none -add name=br_gast protocol-mode=none -add admin-mac=6C:3B:6B:3C:0D:7C auto-mac=no comment="created from master port" name=br_lan protocol-mode=none -add fast-forward=no name=br_lo protocol-mode=none -add fast-forward=no name=br_mgmt protocol-mode=none -add fast-forward=no name=br_robert protocol-mode=none -add name=br_server protocol-mode=none -add name=br_teresa protocol-mode=none -add name=br_test protocol-mode=none -add name=br_tobias protocol-mode=none -add name=br_voip protocol-mode=none -/interface ethernet -set [ find default-name=ether1 ] comment=mt-eg name=eth1_mteg speed=100Mbps -set [ find default-name=ether2 ] comment=nas name=eth2_nas speed=100Mbps -set [ find default-name=ether3 ] comment="sw01 GE1" name=eth3_sw011 speed=100Mbps -set [ find default-name=ether4 ] comment="sw-01 GE2" name=eth4_sw012 speed=100Mbps -set [ find default-name=ether5 ] comment="FW2 LAN1" name=eth5_fw1eth0 speed=100Mbps -set [ find default-name=ether6 ] comment="FW2 LAN2" name=eth6_fw1eth1 speed=100Mbps -set [ find default-name=ether7 ] comment="horst e1" name=eth7_horste1 speed=100Mbps -set [ find default-name=ether8 ] comment="horst e2" name=eth8_horste2 speed=100Mbps -set [ find default-name=sfp9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=mt-eg_sfp1 name=sfp9_mteg -set [ find default-name=sfp10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=mt-test_sfp1 name=sfp10_mttest -set [ find default-name=sfp11 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full -set [ find default-name=sfp12 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=mt-dude name=sfp12_mtdude -/interface vlan -add comment=mgmt interface=br_lan name=vlan1 vlan-id=1 -add comment=dmz interface=br_lan name=vlan2 vlan-id=2 -add comment=mnet interface=br_lan name=vlan3 vlan-id=3 -add comment=kdg interface=br_lan name=vlan4 vlan-id=4 -add comment=server interface=br_lan name=vlan10 vlan-id=10 -add comment=robert interface=br_lan name=vlan42 vlan-id=42 -add comment=brigitte interface=br_lan name=vlan50 vlan-id=50 -add comment=tobias interface=br_lan name=vlan51 vlan-id=51 -add comment=teresa interface=br_lan name=vlan52 vlan-id=52 -add comment=voip interface=br_lan name=vlan60 vlan-id=60 -add comment=test interface=br_lan name=vlan90 vlan-id=90 -add comment=gast interface=br_lan name=vlan99 vlan-id=99 -/interface ethernet switch trunk -add member-ports=eth3_sw011,eth4_sw012 name=tr_sw01 -/interface wireless security-profiles -set [ find default=yes ] supplicant-identity=MikroTik -/ip hotspot profile -set [ find default=yes ] html-directory=flash/hotspot -/ip ipsec policy group -add name=zegowitz -/ip ipsec profile -add dh-group=modp1024 enc-algorithm=aes-128 hash-algorithm=md5 name=profile_1 -/ip ipsec peer -add address=87.140.87.206/32 disabled=yes exchange-mode=aggressive name=peer1 profile=profile_1 -/ip ipsec proposal -add auth-algorithms=md5 name=zegowitz_prop -/routing bgp instance -set default as=65000 router-id=172.24.255.91 -/routing ospf instance -set [ find default=yes ] redistribute-connected=as-type-1 router-id=172.24.255.91 -/snmp community -set [ find default=yes ] addresses=172.24.0.0/16 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=jie6Wao5weeSahs -add addresses=172.24.1.0/24,172.24.10.0/24 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private -add addresses=172.24.10.0/24 name=public -/interface bridge msti -add bridge=br_robert identifier=1 vlan-mapping=42 -/interface bridge port -add bridge=br_robert interface=vlan42 -add bridge=br_server interface=vlan10 -add bridge=br_brigitte interface=vlan50 -add bridge=br_tobias interface=vlan51 -add bridge=br_teresa interface=vlan52 -add bridge=br_voip interface=vlan60 -add bridge=br_mgmt interface=vlan1 -add bridge=br_test interface=vlan90 -add bridge=br_gast interface=vlan99 -add bridge=br_robert interface=eth2_nas -add bridge=br_lan interface=eth3_sw011 -add bridge=br_lan interface=eth4_sw012 -add bridge=br_lan interface=eth5_fw1eth0 -add bridge=br_lan interface=eth6_fw1eth1 -add bridge=br_lan interface=eth7_horste1 -add bridge=br_lan interface=eth8_horste2 -add bridge=br_lan interface=sfp9_mteg -add bridge=br_lan interface=sfp10_mttest -add bridge=br_lan interface=sfp11 -add bridge=br_lan interface=sfp12_mtdude -add bridge=br_lan interface=eth1_mteg -/ip settings -set tcp-syncookies=yes -/interface ethernet switch egress-vlan-tag -add tagged-ports="switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=1 -add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=10 -add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude" vlan-id=42 -add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=50 -add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=51 -add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=60 -add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=90 -add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=99 -add tagged-ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp11 vlan-id=2 -add tagged-ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp9_mteg,sfp11 vlan-id=3 -add tagged-ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp11 vlan-id=4 -add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=52 -/interface ethernet switch ingress-vlan-translation -add customer-vid=0 new-customer-vid=10 ports=eth7_horste1 -add customer-vid=0 new-customer-vid=42 ports=sfp11 -add customer-vid=0 new-customer-vid=1 ports=tr_sw01 -add customer-vid=0 new-customer-vid=4 ports=eth1_mteg -/interface ethernet switch vlan -add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=1 -add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=10 -add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude" vlan-id=42 -add ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp11 vlan-id=2 -add ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp9_mteg,sfp11 vlan-id=3 -add ports="tr_sw01,eth1_mteg,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp11" vlan-id=4 -add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=50 -add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=51 -add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=52 -add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=60 -add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=90 -add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=99 -/ip address -add address=172.24.42.91/24 interface=br_robert network=172.24.42.0 -add address=172.24.10.91/24 interface=br_server network=172.24.10.0 -add address=172.24.1.91/24 interface=br_mgmt network=172.24.1.0 -add address=172.24.90.91/24 interface=br_test network=172.24.90.0 -add address=172.24.255.91 interface=br_lo network=172.24.255.91 -add address=172.24.50.91/24 interface=br_brigitte network=172.24.50.0 -add address=172.24.51.91/24 interface=br_tobias network=172.24.51.0 -add address=172.24.52.91/24 interface=br_teresa network=172.24.52.0 -add address=172.24.60.91/24 interface=br_voip network=172.24.60.0 -add address=172.24.99.91/24 interface=br_gast network=172.24.99.0 -add address=172.24.0.1/30 interface=sfp9_mteg network=172.24.0.0 -add address=172.24.0.25/30 interface=sfp12_mtdude network=172.24.0.24 -/ip dhcp-client -add dhcp-options=hostname,clientid disabled=no interface=br_robert -/ip dns -set servers=172.24.10.11,172.24.10.12 -/ip ipsec identity -add my-id=user-fqdn:einsle@reisert.de peer=peer1 policy-template-group=zegowitz secret="tk94BuK39Pdx1rWtw4kykpaT2Dve(\?wrk6zkew3nvmKh)7cY" -/ip ipsec policy -add dst-address=10.11.2.0/24 group=zegowitz proposal=zegowitz_prop src-address=10.11.2.0/24 template=yes -/ip route -add distance=1 gateway=172.24.1.1 -add distance=1 dst-address=172.24.0.0/24 type=blackhole -add distance=1 dst-address=172.24.255.0/24 type=blackhole -/ip service -set www-ssl certificate=mt-ke.ke.einsle.de disabled=no -set api-ssl certificate=mt-ke.ke.einsle.de -/ip ssh -set allow-none-crypto=yes forwarding-enabled=remote -/mpls ldp -set lsr-id=172.24.255.91 transport-address=172.24.255.91 -/routing bgp peer -add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 name=mt-bu remote-address=172.24.255.94 remote-as=65000 route-reflect=yes ttl=default update-source=br_lo -add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 name=mt-dude remote-address=172.24.255.89 remote-as=65000 route-reflect=yes ttl=default update-source=br_lo -/routing ospf network -add area=backbone network=172.24.255.91/32 -add area=backbone network=172.24.1.0/24 -/snmp -set contact="Robert Einsle " enabled=yes location="Kempten, Netzwerkschrank Keller" -/system clock -set time-zone-name=Europe/Berlin -/system identity -set name=mt-kg -/system ntp client -set enabled=yes primary-ntp=172.24.10.11 secondary-ntp=172.24.10.12 -/system upgrade upgrade-package-source -add address=172.24.1.89 user=admin -/tool bandwidth-server -set authenticate=no -/tool romon -set enabled=yes id=6C:3B:6B:3C:0D:7C secrets=78f244b59c