From f6d3dee7af7bcf4c2a3eef72ded92c34c4b8e82d Mon Sep 17 00:00:00 2001
From: oxidized
Date: Thu, 4 Jul 2019 13:21:09 +0200
Subject: [PATCH] update mikrotik/mt-dude.ke.einsle.de
---
mikrotik/mt-dude.ke.einsle.de | 185 ++++++++++++++++++++++++++++++++++
1 file changed, 185 insertions(+)
create mode 100644 mikrotik/mt-dude.ke.einsle.de
diff --git a/mikrotik/mt-dude.ke.einsle.de b/mikrotik/mt-dude.ke.einsle.de
new file mode 100644
index 0000000..dce9ecc
--- /dev/null
+++ b/mikrotik/mt-dude.ke.einsle.de
@@ -0,0 +1,185 @@
+# routerboard: yes
+# board-name: hEX
+# model: RouterBOARD 750G r3
+# serial-number: 6F3806DF15CA
+# firmware-type: mt7621L
+# factory-firmware: 3.34
+# current-firmware: 6.45.1
+# upgrade-firmware: 6.45.1
+#
+# channel: stable
+# installed-version: 6.45.1
+#
+# Flags: U - undoable, R - redoable, F - floating-undo
+# ACTION BY POLICY
+# U user oxidized added admin write
+# policy
+#
+# software id = QCYC-SED2
+#
+# model = RouterBOARD 750G r3
+# serial number = 6F3806DF15CA
+/caps-man channel
+add band=5ghz-onlyac name=chan_ke_5
+add band=2ghz-g/n name=chan_ke_2
+/interface bridge
+add fast-forward=no name=br_brigitte protocol-mode=none
+add fast-forward=no name=br_gast protocol-mode=none
+add fast-forward=no name=br_lan protocol-mode=none
+add fast-forward=no name=br_lo protocol-mode=none
+add fast-forward=no name=br_mgmt protocol-mode=none
+add fast-forward=no name=br_robert protocol-mode=none
+add fast-forward=no name=br_server protocol-mode=none
+add fast-forward=no name=br_teresa protocol-mode=none
+add fast-forward=no name=br_test protocol-mode=none
+add fast-forward=no name=br_tobias protocol-mode=none
+add fast-forward=no name=br_voip protocol-mode=none
+/interface ethernet
+set [ find default-name=ether1 ] speed=100Mbps
+set [ find default-name=ether2 ] speed=100Mbps
+set [ find default-name=ether3 ] speed=100Mbps
+set [ find default-name=ether4 ] speed=100Mbps
+set [ find default-name=ether5 ] speed=100Mbps
+/interface vlan
+add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan1 vlan-id=1
+add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan10 vlan-id=10
+add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan42 vlan-id=42
+add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan50 vlan-id=50
+add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan51 vlan-id=51
+add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan52 vlan-id=52
+add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan60 vlan-id=60
+add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan90 vlan-id=90
+add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan99 vlan-id=99
+/caps-man datapath
+add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_radius
+add bridge=br_robert client-to-client-forwarding=yes local-forwarding=no name=dp_robert
+add bridge=br_brigitte client-to-client-forwarding=yes local-forwarding=no name=dp_brigitte
+add bridge=br_tobias client-to-client-forwarding=yes local-forwarding=no name=dp_tobias
+add bridge=br_teresa client-to-client-forwarding=yes local-forwarding=no name=dp_teresa
+add bridge=br_gast client-to-client-forwarding=no local-forwarding=no name=dp_gast
+/caps-man rates
+add basic=12Mbps name=rates supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
+/caps-man security
+add authentication-types=wpa2-eap eap-methods=passthrough encryption=aes-ccm group-encryption=aes-ccm name=sec_radius
+add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_robert passphrase=DasIstEinTest!
+add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_brigitte passphrase=aH4duhoo
+add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_tobias passphrase=eifohk5U
+add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_teresa passphrase=Em0aiLei
+add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_gast passphrase=aseeci9oQu8Ooru
+/caps-man configuration
+add channel=chan_ke_5 country=germany datapath=dp_radius hide-ssid=no mode=ap name=cfg_5_radius rates=rates security=sec_radius ssid=wifis.org/ke/bertling
+add channel=chan_ke_5 datapath=dp_robert name=cfg_5_robert rates=rates security=sec_robert ssid=wifis.org/ke/robert
+add channel=chan_ke_5 datapath=dp_brigitte name=cfg_5_brigitte rates=rates security=sec_brigitte ssid=wifis.org/ke/brigitte
+add channel=chan_ke_5 datapath=dp_tobias name=cfg_5_tobias rates=rates security=sec_tobias ssid=wifis.org/ke/tobias
+add channel=chan_ke_5 datapath=dp_teresa name=cfg_5_teresa rates=rates security=sec_teresa ssid=wifis.org/ke/teresa
+add channel=chan_ke_5 datapath=dp_gast name=cfg_5_gast rates=rates security=sec_gast ssid=wifis.org/ke/gast
+add channel=chan_ke_2 country=germany datapath=dp_radius hide-ssid=no mode=ap name=cfg_2_radius rates=rates security=sec_radius ssid=wifis.org/ke/bertling
+add channel=chan_ke_2 datapath=dp_brigitte name=cfg_2_brigitte rates=rates security=sec_brigitte ssid=wifis.org/ke/brigitte
+add channel=chan_ke_2 datapath=dp_gast name=cfg_2_gast rates=rates security=sec_gast ssid=wifis.org/ke/gast
+add channel=chan_ke_2 datapath=dp_robert name=cfg_2_robert rates=rates security=sec_robert ssid=wifis.org/ke/robert
+add channel=chan_ke_2 datapath=dp_teresa name=cfg_2_teresa rates=rates security=sec_teresa ssid=wifis.org/ke/teresa
+add channel=chan_ke_2 datapath=dp_tobias name=cfg_2_tobias rates=rates security=sec_tobias ssid=wifis.org/ke/tobias
+/interface wireless security-profiles
+set [ find default=yes ] supplicant-identity=MikroTik
+/ip hotspot profile
+set [ find default=yes ] html-directory=flash/hotspot
+/ip pool
+add name=pool_robert ranges=172.24.42.110-172.24.42.200
+add name=pool_brigitte ranges=172.24.50.110-172.24.50.200
+add name=pool_tobias ranges=172.24.51.110-172.24.51.200
+add name=pool_teresa ranges=172.24.52.110-172.24.52.200
+/ip dhcp-server
+add address-pool=pool_robert authoritative=after-2sec-delay interface=br_robert name=dhcp_robert
+add address-pool=pool_brigitte authoritative=after-2sec-delay interface=br_brigitte name=dhcp_brigitte
+add address-pool=pool_tobias authoritative=after-2sec-delay interface=br_tobias name=dhcp_tobias
+add address-pool=pool_teresa authoritative=after-2sec-delay interface=br_teresa name=dhcp_teresa
+/routing bgp instance
+set default as=65000 client-to-client-reflection=no router-id=172.24.255.89
+/routing ospf instance
+set [ find default=yes ] redistribute-connected=as-type-1 router-id=172.24.255.89
+/snmp community
+set [ find default=yes ] addresses=172.24.1.0/24,172.24.10.0/24 authentication-protocol=SHA1 encryption-protocol=AES name=jie6Wao5weeSahs
+add addresses=172.24.1.0/24,172.24.10.0/24 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private
+add addresses=172.24.10.0/24 name=public
+/caps-man manager
+set ca-certificate=auto certificate=mt-dude.ke.einsle.de enabled=yes upgrade-policy=suggest-same-version
+/caps-man provisioning
+add action=create-dynamic-enabled hw-supported-modes=ac,an master-configuration=cfg_5_radius name-format=prefix-identity name-prefix=cap-5- slave-configurations=cfg_5_robert,cfg_5_brigitte,cfg_5_tobias,cfg_5_teresa,cfg_5_gast
+add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=cfg_2_radius name-format=prefix-identity name-prefix=cap-2- slave-configurations=cfg_2_robert,cfg_2_brigitte,cfg_2_tobias,cfg_2_teresa,cfg_2_gast
+/dude
+set data-directory=disk1 enabled=yes
+/interface bridge port
+add bridge=br_mgmt interface=vlan1
+add bridge=br_server interface=vlan10
+add bridge=br_robert interface=vlan42
+add bridge=br_brigitte interface=vlan50
+add bridge=br_tobias interface=vlan51
+add bridge=br_teresa interface=vlan52
+add bridge=br_voip interface=vlan60
+add bridge=br_test interface=vlan90
+add bridge=br_gast interface=vlan99
+add bridge=br_lan interface=ether1
+/interface ethernet switch vlan
+add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=1
+add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=10
+add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=42
+add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=50
+add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=51
+add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=52
+add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=60
+add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=90
+add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=99
+/ip address
+add address=172.24.42.89/24 interface=br_robert network=172.24.42.0
+add address=172.24.1.89/24 interface=br_mgmt network=172.24.1.0
+add address=172.24.10.89/24 interface=br_server network=172.24.10.0
+add address=172.24.52.89/24 interface=br_teresa network=172.24.52.0
+add address=172.24.50.89/24 interface=br_brigitte network=172.24.50.0
+add address=172.24.51.89/24 interface=br_tobias network=172.24.51.0
+add address=172.24.255.89 interface=br_lo network=172.24.255.89
+add address=172.24.0.26/30 interface=ether1 network=172.24.0.24
+add address=172.24.60.89/24 interface=br_voip network=172.24.60.0
+/ip dhcp-server network
+add address=172.24.42.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.42.2 netmask=24
+add address=172.24.50.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.50.2 netmask=24
+add address=172.24.51.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.51.2 netmask=24
+add address=172.24.52.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.52.2 netmask=24
+/ip dns
+set servers=172.24.10.11,172.24.10.12
+/ip route
+add distance=1 gateway=172.24.1.1
+/ip smb shares
+set [ find default=yes ] directory=/pub
+/ip ssh
+set allow-none-crypto=yes forwarding-enabled=remote
+/mpls ldp
+set lsr-id=172.24.255.89 transport-address=172.24.255.89
+/mpls ldp interface
+add disabled=yes interface=ether1
+/radius
+add address=172.24.10.25 disabled=yes domain=wlan.ke.einsle.de secret=zu6OhMe8ien5 service=wireless timeout=1s
+add address=172.24.42.109 domain=ke.einsle.de secret=ni.xd.ol service=wireless timeout=1s
+/routing bgp peer
+add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 name=mt-kg remote-address=172.24.255.91 remote-as=65000 ttl=default update-source=br_lo
+/routing ospf network
+add area=backbone network=172.24.255.89/32
+add area=backbone network=172.24.0.24/30
+add area=backbone network=172.24.1.0/24
+/snmp
+set contact="Robert Einsle " enabled=yes location="Kempten, Keller"
+/system clock
+set time-zone-name=Europe/Berlin
+/system identity
+set name=mt-dude
+/system ntp client
+set enabled=yes primary-ntp=172.24.10.13 secondary-ntp=172.24.10.12
+/system resource irq rps
+set ether1 disabled=no
+set ether2 disabled=no
+set ether3 disabled=no
+set ether4 disabled=no
+set ether5 disabled=no
+/system scheduler
+add interval=1d name=backup on-event="/system backup save name=mt-dude" policy=write start-date=oct/02/2017 start-time=00:00:00
+/tool romon
+set enabled=yes id=6C:3B:6B:88:34:48 secrets=78f244b59c
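Review bot: Cleartext credentials are stored in the added export: the `passphrase=` values under `/caps-man security`, `authentication-password=` and `encryption-password=` under `/snmp community`, `secret=` under `/radius` and `secrets=` under `/tool romon`, so anyone who can read the repository or its history gets the Wi-Fi, SNMPv3, RADIUS and RoMON secrets. The backup should be collected with `/export hide-sensitive` (in Oxidized, the `remove_secret` variable), and the values already committed should be treated as exposed and rotated, because a later cleanup commit leaves them in history. The SNMPv3 `monitor` entry also reuses one string for both the authentication and the encryption password, which is worth splitting when it is rotated. Separately, the `/ip ssh` section sets `allow-none-crypto=yes`, which permits an SSH session without encryption; unless that is deliberately needed it should be `allow-none-crypto=no`.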