update mikrotik/mt-bu.ke.einsle.de

2019-12-02 15:52:43 +01:00 · 2019-12-02 15:52:43 +01:00 · 99f55d956c
commit 99f55d956c
parent 4144ed1e72
1 changed files with 74 additions and 23 deletions
--- a/mikrotik/mt-bu.ke.einsle.de
+++ b/mikrotik/mt-bu.ke.einsle.de
@ -8,18 +8,17 @@
 # 
 #             channel: stable
 #   installed-version: 6.45.7
 #      latest-version: 6.45.7
 #              status: System is already up to date
 # 
 # Flags: U - undoable, R - redoable, F - floating-undo 
 #   ACTION                                   BY               POLICY             
-# U system identity changed                  admin            write              
+# U service port changed                     admin            write              
-# U user adm-reinsle added                   admin            write              
+# U service port changed                     admin            write              
-#                                                             policy             
+# U service port changed                     admin            write              
-# U user admin changed                       admin            write              
+# U service port changed                     admin            write              
-#                                                             policy             
+# U service port changed                     admin            write              
-# U user oxidized added                      admin            write              
+# U service port changed                     admin            write              
-#                                                             policy             
+# U service port changed                     admin            write              
 # U service port changed                     admin            write              
 # 
 # software id = A0ZE-2DFY
 #
@ -27,6 +26,15 @@
 # serial number = 522D04EAB949
 /interface bridge
 add name=br_lan protocol-mode=none vlan-filtering=yes
 /interface ethernet
 set [ find default-name=ether1 ] loop-protect=on name=eth1_kg rx-flow-control=auto tx-flow-control=auto
 set [ find default-name=ether2 ] loop-protect=on name=eth2_gamer42 rx-flow-control=auto tx-flow-control=auto
 set [ find default-name=ether3 ] loop-protect=on name=eth3_lappi42 rx-flow-control=auto tx-flow-control=auto
 set [ find default-name=ether4 ] loop-protect=on name=eth4_mawoh rx-flow-control=auto tx-flow-control=auto
 set [ find default-name=ether5 ] loop-protect=on name=eth5_gelb rx-flow-control=auto tx-flow-control=auto
 set [ find default-name=ether6 ] loop-protect=on name=eth6_rot rx-flow-control=auto tx-flow-control=auto
 set [ find default-name=ether7 ] loop-protect=on name=eth7_blau rx-flow-control=auto tx-flow-control=auto
 set [ find default-name=ether8 ] loop-protect=on name=eth8_weiss rx-flow-control=auto tx-flow-control=auto
 /interface wireless
 set [ find default-name=wlan1 ] ssid=MikroTik
 /interface vlan
@ -36,33 +44,76 @@ add interface=br_lan name=vlan42 vlan-id=42
 /interface wireless security-profiles
 set [ find default=yes ] supplicant-identity=MikroTik
 /interface bridge port
-add bridge=br_lan interface=ether1
+add bridge=br_lan interface=eth1_kg trusted=yes
-add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=42
+add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth2_gamer42 pvid=42
-add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=42
+add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth3_lappi42 pvid=42
-add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=42
+add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth4_mawoh pvid=42
-add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=42
+add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth5_gelb pvid=42
-add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether6 pvid=42
+add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth6_rot pvid=42
-add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether7 pvid=42
+add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth7_blau pvid=42
-add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether8 pvid=42
+add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth8_weiss pvid=42
 add bridge=br_lan interface=vlan1
-add bridge=br_lan interface=vlan10
+add bridge=br_lan interface=vlan10 pvid=10
-add bridge=br_lan interface=vlan42
+add bridge=br_lan interface=vlan42 pvid=42
 add bridge=br_lan interface=wlan1
 /interface bridge vlan
-add bridge=br_lan tagged=br_lan,ether1,vlan42 untagged=ether2,ether3,ether4,ether5,ether6,ether7,ether8 vlan-ids=42
+add bridge=br_lan tagged=br_lan,eth1_kg,vlan42 untagged="eth2_gamer42,eth3_lappi42,eth4_mawoh,eth5_gelb,eth6_rot,eth7_blau,eth8_weiss" vlan-ids=42
-add bridge=br_lan tagged=br_lan,ether1,vlan10 vlan-ids=10
+add bridge=br_lan tagged=br_lan,eth1_kg,vlan10 vlan-ids=10
-add bridge=br_lan tagged=br_lan,ether1,vlan1 vlan-ids=1
+add bridge=br_lan tagged=br_lan,eth1_kg,vlan1 vlan-ids=1
 add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=50
 add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=51
 add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=52
 add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=60
 add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=90
 add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=99
 /ip address
 add address=172.24.1.94/24 interface=vlan1 network=172.24.1.0
 add address=172.24.10.94/24 interface=vlan10 network=172.24.10.0
 add address=172.24.42.94/24 interface=vlan42 network=172.24.42.0
 /ip cloud
 set ddns-enabled=yes
 /ip dns
 set servers=172.24.10.11,172.24.10.12
 /ip firewall filter
 add action=accept chain=input comment="allow established, related" connection-state=established,related
 add action=drop chain=input comment="drop invalid" connection-state=invalid
 add action=accept chain=forward comment="allow established, related" connection-state=established,related
 add action=drop chain=forward comment="drop invalid" connection-state=invalid
 /ip firewall service-port
 set tftp disabled=yes
 set irc disabled=yes
 set h323 disabled=yes
 set sip disabled=yes
 set pptp disabled=yes
 set udplite disabled=yes
 set dccp disabled=yes
 set sctp disabled=yes
 /ip route
 add distance=1 gateway=172.24.1.1
 /ip service
 set telnet disabled=yes
 set ftp disabled=yes
 set www-ssl certificate=mt-bu.ke.einsle.de disabled=no
 set api disabled=yes
 set api-ssl disabled=yes
 /ip ssh
 set host-key-size=4096 strong-crypto=yes
 /lcd
 set enabled=no
 /lcd interface pages
 set 0 interfaces=wlan1
 /system clock
 set time-zone-name=Europe/Berlin
 /system identity
 set name=mt-bu
 /system ntp client
 set enabled=yes primary-ntp=172.24.10.11 secondary-ntp=172.24.10.12
 /tool bandwidth-server
 set enabled=no
 /tool graphing interface
 add store-on-disk=no
 /tool graphing queue
 add store-on-disk=no
 /tool graphing resource
 add store-on-disk=no
 /tool romon
 set enabled=yes id=4C:5E:0C:A4:9C:1D secrets=78f244b59c