From 99f55d956c0809661a81a1d5118d1af9418f6f80 Mon Sep 17 00:00:00 2001 From: oxidized Date: Mon, 2 Dec 2019 15:52:43 +0100 Subject: [PATCH] update mikrotik/mt-bu.ke.einsle.de --- mikrotik/mt-bu.ke.einsle.de | 97 ++++++++++++++++++++++++++++--------- 1 file changed, 74 insertions(+), 23 deletions(-) diff --git a/mikrotik/mt-bu.ke.einsle.de b/mikrotik/mt-bu.ke.einsle.de index 731a614..e80aceb 100644 --- a/mikrotik/mt-bu.ke.einsle.de +++ b/mikrotik/mt-bu.ke.einsle.de @@ -8,18 +8,17 @@ # # channel: stable # installed-version: 6.45.7 -# latest-version: 6.45.7 -# status: System is already up to date # # Flags: U - undoable, R - redoable, F - floating-undo # ACTION BY POLICY -# U system identity changed admin write -# U user adm-reinsle added admin write -# policy -# U user admin changed admin write -# policy -# U user oxidized added admin write -# policy +# U service port changed admin write +# U service port changed admin write +# U service port changed admin write +# U service port changed admin write +# U service port changed admin write +# U service port changed admin write +# U service port changed admin write +# U service port changed admin write # # software id = A0ZE-2DFY # @@ -27,6 +26,15 @@ # serial number = 522D04EAB949 /interface bridge add name=br_lan protocol-mode=none vlan-filtering=yes +/interface ethernet +set [ find default-name=ether1 ] loop-protect=on name=eth1_kg rx-flow-control=auto tx-flow-control=auto +set [ find default-name=ether2 ] loop-protect=on name=eth2_gamer42 rx-flow-control=auto tx-flow-control=auto +set [ find default-name=ether3 ] loop-protect=on name=eth3_lappi42 rx-flow-control=auto tx-flow-control=auto +set [ find default-name=ether4 ] loop-protect=on name=eth4_mawoh rx-flow-control=auto tx-flow-control=auto +set [ find default-name=ether5 ] loop-protect=on name=eth5_gelb rx-flow-control=auto tx-flow-control=auto +set [ find default-name=ether6 ] loop-protect=on name=eth6_rot rx-flow-control=auto tx-flow-control=auto +set [ find default-name=ether7 ] loop-protect=on name=eth7_blau rx-flow-control=auto tx-flow-control=auto +set [ find default-name=ether8 ] loop-protect=on name=eth8_weiss rx-flow-control=auto tx-flow-control=auto /interface wireless set [ find default-name=wlan1 ] ssid=MikroTik /interface vlan @@ -36,33 +44,76 @@ add interface=br_lan name=vlan42 vlan-id=42 /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /interface bridge port -add bridge=br_lan interface=ether1 -add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=42 -add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=42 -add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=42 -add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=42 -add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether6 pvid=42 -add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether7 pvid=42 -add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether8 pvid=42 +add bridge=br_lan interface=eth1_kg trusted=yes +add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth2_gamer42 pvid=42 +add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth3_lappi42 pvid=42 +add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth4_mawoh pvid=42 +add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth5_gelb pvid=42 +add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth6_rot pvid=42 +add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth7_blau pvid=42 +add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth8_weiss pvid=42 add bridge=br_lan interface=vlan1 -add bridge=br_lan interface=vlan10 -add bridge=br_lan interface=vlan42 -add bridge=br_lan interface=wlan1 +add bridge=br_lan interface=vlan10 pvid=10 +add bridge=br_lan interface=vlan42 pvid=42 /interface bridge vlan -add bridge=br_lan tagged=br_lan,ether1,vlan42 untagged=ether2,ether3,ether4,ether5,ether6,ether7,ether8 vlan-ids=42 -add bridge=br_lan tagged=br_lan,ether1,vlan10 vlan-ids=10 -add bridge=br_lan tagged=br_lan,ether1,vlan1 vlan-ids=1 +add bridge=br_lan tagged=br_lan,eth1_kg,vlan42 untagged="eth2_gamer42,eth3_lappi42,eth4_mawoh,eth5_gelb,eth6_rot,eth7_blau,eth8_weiss" vlan-ids=42 +add bridge=br_lan tagged=br_lan,eth1_kg,vlan10 vlan-ids=10 +add bridge=br_lan tagged=br_lan,eth1_kg,vlan1 vlan-ids=1 +add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=50 +add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=51 +add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=52 +add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=60 +add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=90 +add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=99 /ip address add address=172.24.1.94/24 interface=vlan1 network=172.24.1.0 add address=172.24.10.94/24 interface=vlan10 network=172.24.10.0 add address=172.24.42.94/24 interface=vlan42 network=172.24.42.0 +/ip cloud +set ddns-enabled=yes /ip dns set servers=172.24.10.11,172.24.10.12 +/ip firewall filter +add action=accept chain=input comment="allow established, related" connection-state=established,related +add action=drop chain=input comment="drop invalid" connection-state=invalid +add action=accept chain=forward comment="allow established, related" connection-state=established,related +add action=drop chain=forward comment="drop invalid" connection-state=invalid +/ip firewall service-port +set tftp disabled=yes +set irc disabled=yes +set h323 disabled=yes +set sip disabled=yes +set pptp disabled=yes +set udplite disabled=yes +set dccp disabled=yes +set sctp disabled=yes /ip route add distance=1 gateway=172.24.1.1 +/ip service +set telnet disabled=yes +set ftp disabled=yes +set www-ssl certificate=mt-bu.ke.einsle.de disabled=no +set api disabled=yes +set api-ssl disabled=yes +/ip ssh +set host-key-size=4096 strong-crypto=yes +/lcd +set enabled=no /lcd interface pages set 0 interfaces=wlan1 +/system clock +set time-zone-name=Europe/Berlin /system identity set name=mt-bu +/system ntp client +set enabled=yes primary-ntp=172.24.10.11 secondary-ntp=172.24.10.12 +/tool bandwidth-server +set enabled=no +/tool graphing interface +add store-on-disk=no +/tool graphing queue +add store-on-disk=no +/tool graphing resource +add store-on-disk=no /tool romon set enabled=yes id=4C:5E:0C:A4:9C:1D secrets=78f244b59c