#        routerboard: yes
#         board-name: hAP ac
#              model: RouterBOARD 962UiGS-5HacT2HnT
#      serial-number: 673706FE47BB
#      firmware-type: qca9550L
#   factory-firmware: 3.31
#   current-firmware: 6.46
#   upgrade-firmware: 6.46
# 
#             channel: stable
#   installed-version: 6.46
#      latest-version: 6.46
#              status: System is already up to date
# 
# Flags: U - undoable, R - redoable, F - floating-undo 
#   ACTION                                   BY               POLICY             
# U item changed                             admin            write              
# U device changed                           admin            write              
# U item changed                             admin            write              
# U item changed                             admin            write              
# U bridge port changed                      admin            write              
# U device changed                           admin            write              
# U item added                               admin            write              
# U item added                               admin            write              
# U device changed                           admin            write              
# U filter rule changed                      admin            write              
# U filter rule added                        admin            write              
# U filter rule changed                      admin            write              
# U filter rule added                        admin            write              
# U filter rule added                        admin            write              
# U filter rule added                        admin            write              
# U device changed                           admin            write              
# U device changed                           admin            write              
# U device changed                           admin            write              
# U bridge port changed                      admin            write              
# 
# software id = BJZX-XMI3
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 673706FE47BB
/interface bridge
add name=br_lan protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=ether1_kg
set [ find default-name=ether2 ] name=ether2_homematic
set [ find default-name=ether3 ] name=ether3_raspi
set [ find default-name=sfp1 ] name=sfp1_kg
/interface wireless
# managed by CAPsMAN
# channel: 2412/20/gn(10dBm), SSID: wifis.org/ke/bertling, CAPsMAN forwarding
set [ find default-name=wlan1 ] ssid=MikroTik
# managed by CAPsMAN
# channel: 5180/20/ac(20dBm), SSID: wifis.org/ke/bertling, CAPsMAN forwarding
set [ find default-name=wlan2 ] ssid=MikroTik
/interface vlan
add interface=br_lan name=vlan1 vlan-id=1
add interface=br_lan name=vlan10 vlan-id=10
add interface=br_lan name=vlan42 vlan-id=42
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=br_lan interface=sfp1_kg
add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether1_kg
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether2_homematic pvid=90
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether3_raspi pvid=10
add bridge=br_lan interface=ether4
add bridge=br_lan interface=ether5
/interface bridge vlan
add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg,vlan1 vlan-ids=1
add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg,vlan10 untagged=ether3_raspi vlan-ids=10
add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg,vlan42 vlan-ids=42
add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg vlan-ids=50
add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg vlan-ids=51
add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg vlan-ids=52
add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg vlan-ids=60
add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg untagged=ether2_homematic vlan-ids=90
add bridge=br_lan tagged=br_lan,sfp1_kg,ether1_kg vlan-ids=99
/interface wireless cap
# 
set discovery-interfaces=vlan1 enabled=yes interfaces=wlan1,wlan2
/ip address
add address=172.24.1.93/24 interface=vlan1 network=172.24.1.0
add address=172.24.10.93/24 interface=vlan10 network=172.24.10.0
add address=172.24.42.93/24 interface=vlan42 network=172.24.42.0
/ip dns
set servers=172.24.10.11,172.24.10.12
/ip firewall filter
add action=accept chain=input comment="accept established, related" connection-state=established,related
add action=drop chain=input comment="drop invalid" connection-state=invalid log=yes
add action=accept chain=forward comment="accept established, related" connection-state=established,related
add action=drop chain=forward comment="drop invalid" connection-state=invalid log=yes
/ip route
add distance=1 gateway=172.24.1.1
/ip ssh
set host-key-size=4096 strong-crypto=yes
/snmp
set contact=admin@einsle.de location=Kempten
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=mt-eg
/system ntp client
set enabled=yes primary-ntp=172.24.10.11 secondary-ntp=172.24.10.12
/tool romon
set enabled=yes id=6C:3B:6B:19:62:AD secrets=78f244b59c
/tool sniffer
set filter-interface=ether2_homematic