diff --git a/mikrotik/mt-kg.ke.einsle.de b/mikrotik/mt-kg.ke.einsle.de new file mode 100644 index 0000000..32b93af --- /dev/null +++ b/mikrotik/mt-kg.ke.einsle.de @@ -0,0 +1,189 @@ +# routerboard: yes +# model: CRS112-8G-4S +# serial-number: 6CFA0698D051 +# firmware-type: qca8513L +# factory-firmware: 3.23 +# current-firmware: 6.45.1 +# upgrade-firmware: 6.45.1 +# +# channel: stable +# installed-version: 6.45.1 +# +# Flags: U - undoable, R - redoable, F - floating-undo +# ACTION BY POLICY +# U user oxidized added admin write +# policy +# +# software id = U6BB-XKEI +# +# model = CRS112-8G-4S +# serial number = 6CFA0698D051 +/interface bridge +add name=br_brigitte protocol-mode=none +add name=br_gast protocol-mode=none +add admin-mac=6C:3B:6B:3C:0D:7C auto-mac=no comment="created from master port" name=br_lan protocol-mode=none +add fast-forward=no name=br_lo protocol-mode=none +add fast-forward=no name=br_mgmt protocol-mode=none +add fast-forward=no name=br_robert protocol-mode=none +add name=br_server protocol-mode=none +add name=br_teresa protocol-mode=none +add name=br_test protocol-mode=none +add name=br_tobias protocol-mode=none +add name=br_voip protocol-mode=none +/interface ethernet +set [ find default-name=ether1 ] comment=mt-eg name=eth1_mteg speed=100Mbps +set [ find default-name=ether2 ] comment=nas name=eth2_nas speed=100Mbps +set [ find default-name=ether3 ] comment="sw01 GE1" name=eth3_sw011 speed=100Mbps +set [ find default-name=ether4 ] comment="sw-01 GE2" name=eth4_sw012 speed=100Mbps +set [ find default-name=ether5 ] comment="FW2 LAN1" name=eth5_fw1eth0 speed=100Mbps +set [ find default-name=ether6 ] comment="FW2 LAN2" name=eth6_fw1eth1 speed=100Mbps +set [ find default-name=ether7 ] comment="horst e1" name=eth7_horste1 speed=100Mbps +set [ find default-name=ether8 ] comment="horst e2" name=eth8_horste2 speed=100Mbps +set [ find default-name=sfp9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=mt-eg_sfp1 name=sfp9_mteg +set [ find default-name=sfp10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=mt-test_sfp1 name=sfp10_mttest +set [ find default-name=sfp11 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full +set [ find default-name=sfp12 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=mt-dude name=sfp12_mtdude +/interface vlan +add comment=mgmt interface=br_lan name=vlan1 vlan-id=1 +add comment=dmz interface=br_lan name=vlan2 vlan-id=2 +add comment=mnet interface=br_lan name=vlan3 vlan-id=3 +add comment=kdg interface=br_lan name=vlan4 vlan-id=4 +add comment=server interface=br_lan name=vlan10 vlan-id=10 +add comment=robert interface=br_lan name=vlan42 vlan-id=42 +add comment=brigitte interface=br_lan name=vlan50 vlan-id=50 +add comment=tobias interface=br_lan name=vlan51 vlan-id=51 +add comment=teresa interface=br_lan name=vlan52 vlan-id=52 +add comment=voip interface=br_lan name=vlan60 vlan-id=60 +add comment=test interface=br_lan name=vlan90 vlan-id=90 +add comment=gast interface=br_lan name=vlan99 vlan-id=99 +/interface ethernet switch trunk +add member-ports=eth3_sw011,eth4_sw012 name=tr_sw01 +/interface wireless security-profiles +set [ find default=yes ] supplicant-identity=MikroTik +/ip hotspot profile +set [ find default=yes ] html-directory=flash/hotspot +/ip ipsec policy group +add name=zegowitz +/ip ipsec profile +add dh-group=modp1024 enc-algorithm=aes-128 hash-algorithm=md5 name=profile_1 +/ip ipsec peer +add address=87.140.87.206/32 disabled=yes exchange-mode=aggressive name=peer1 profile=profile_1 +/ip ipsec proposal +add auth-algorithms=md5 name=zegowitz_prop +/routing bgp instance +set default as=65000 router-id=172.24.255.91 +/routing ospf instance +set [ find default=yes ] redistribute-connected=as-type-1 router-id=172.24.255.91 +/snmp community +set [ find default=yes ] addresses=172.24.0.0/16 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=jie6Wao5weeSahs +add addresses=172.24.1.0/24,172.24.10.0/24 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private +add addresses=172.24.10.0/24 name=public +/interface bridge msti +add bridge=br_robert identifier=1 vlan-mapping=42 +/interface bridge port +add bridge=br_robert interface=vlan42 +add bridge=br_server interface=vlan10 +add bridge=br_brigitte interface=vlan50 +add bridge=br_tobias interface=vlan51 +add bridge=br_teresa interface=vlan52 +add bridge=br_voip interface=vlan60 +add bridge=br_mgmt interface=vlan1 +add bridge=br_test interface=vlan90 +add bridge=br_gast interface=vlan99 +add bridge=br_robert interface=eth2_nas +add bridge=br_lan interface=eth3_sw011 +add bridge=br_lan interface=eth4_sw012 +add bridge=br_lan interface=eth5_fw1eth0 +add bridge=br_lan interface=eth6_fw1eth1 +add bridge=br_lan interface=eth7_horste1 +add bridge=br_lan interface=eth8_horste2 +add bridge=br_lan interface=sfp9_mteg +add bridge=br_lan interface=sfp10_mttest +add bridge=br_lan interface=sfp11 +add bridge=br_lan interface=sfp12_mtdude +add bridge=br_lan interface=eth1_mteg +/ip settings +set tcp-syncookies=yes +/interface ethernet switch egress-vlan-tag +add tagged-ports="switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=1 +add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=10 +add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude" vlan-id=42 +add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=50 +add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=51 +add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=60 +add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=90 +add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=99 +add tagged-ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp11 vlan-id=2 +add tagged-ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp9_mteg,sfp11 vlan-id=3 +add tagged-ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp11 vlan-id=4 +add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=52 +/interface ethernet switch ingress-vlan-translation +add customer-vid=0 new-customer-vid=10 ports=eth7_horste1 +add customer-vid=0 new-customer-vid=42 ports=sfp11 +add customer-vid=0 new-customer-vid=1 ports=tr_sw01 +add customer-vid=0 new-customer-vid=4 ports=eth1_mteg +/interface ethernet switch vlan +add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=1 +add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=10 +add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude" vlan-id=42 +add ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp11 vlan-id=2 +add ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp9_mteg,sfp11 vlan-id=3 +add ports="tr_sw01,eth1_mteg,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp11" vlan-id=4 +add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=50 +add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=51 +add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=52 +add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=60 +add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=90 +add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=99 +/ip address +add address=172.24.42.91/24 interface=br_robert network=172.24.42.0 +add address=172.24.10.91/24 interface=br_server network=172.24.10.0 +add address=172.24.1.91/24 interface=br_mgmt network=172.24.1.0 +add address=172.24.90.91/24 interface=br_test network=172.24.90.0 +add address=172.24.255.91 interface=br_lo network=172.24.255.91 +add address=172.24.50.91/24 interface=br_brigitte network=172.24.50.0 +add address=172.24.51.91/24 interface=br_tobias network=172.24.51.0 +add address=172.24.52.91/24 interface=br_teresa network=172.24.52.0 +add address=172.24.60.91/24 interface=br_voip network=172.24.60.0 +add address=172.24.99.91/24 interface=br_gast network=172.24.99.0 +add address=172.24.0.1/30 interface=sfp9_mteg network=172.24.0.0 +add address=172.24.0.25/30 interface=sfp12_mtdude network=172.24.0.24 +/ip dhcp-client +add dhcp-options=hostname,clientid disabled=no interface=br_robert +/ip dns +set servers=172.24.10.11,172.24.10.12 +/ip ipsec identity +add my-id=user-fqdn:einsle@reisert.de peer=peer1 policy-template-group=zegowitz secret="tk94BuK39Pdx1rWtw4kykpaT2Dve(\?wrk6zkew3nvmKh)7cY" +/ip ipsec policy +add dst-address=10.11.2.0/24 group=zegowitz proposal=zegowitz_prop src-address=10.11.2.0/24 template=yes +/ip route +add distance=1 gateway=172.24.1.1 +add distance=1 dst-address=172.24.0.0/24 type=blackhole +add distance=1 dst-address=172.24.255.0/24 type=blackhole +/ip service +set www-ssl certificate=mt-ke.ke.einsle.de disabled=no +set api-ssl certificate=mt-ke.ke.einsle.de +/ip ssh +set allow-none-crypto=yes forwarding-enabled=remote +/mpls ldp +set lsr-id=172.24.255.91 transport-address=172.24.255.91 +/routing bgp peer +add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 name=mt-bu remote-address=172.24.255.94 remote-as=65000 route-reflect=yes ttl=default update-source=br_lo +add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 name=mt-dude remote-address=172.24.255.89 remote-as=65000 route-reflect=yes ttl=default update-source=br_lo +/routing ospf network +add area=backbone network=172.24.255.91/32 +add area=backbone network=172.24.1.0/24 +/snmp +set contact="Robert Einsle " enabled=yes location="Kempten, Netzwerkschrank Keller" +/system clock +set time-zone-name=Europe/Berlin +/system identity +set name=mt-kg +/system ntp client +set enabled=yes primary-ntp=172.24.10.11 secondary-ntp=172.24.10.12 +/system upgrade upgrade-package-source +add address=172.24.1.89 user=admin +/tool bandwidth-server +set authenticate=no +/tool romon +set enabled=yes id=6C:3B:6B:3C:0D:7C secrets=78f244b59c