# routerboard: yes # model: CRS326-24G-2S+ # serial-number: 763C07D3969D # firmware-type: dx3230L # factory-firmware: 3.37 # current-firmware: 6.45.6 # upgrade-firmware: 6.45.6 # # channel: stable # installed-version: 6.45.6 # latest-version: 6.45.6 # status: System is already up to date # # Flags: U - undoable, R - redoable, F - floating-undo # ACTION BY POLICY # # software id = NK6R-LJLR # # model = CRS326-24G-2S+ # serial number = 763C07D3969D /caps-man channel add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2412 name=chan_2 tx-power=10 add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5180 name=chan_5 tx-power=20 /interface bridge add name=br_lan protocol-mode=none vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] name=ether1_og set [ find default-name=ether2 ] name=ether2_dg set [ find default-name=ether3 ] name=ether3_prn set [ find default-name=ether4 ] name=ether4_kdg set [ find default-name=ether5 ] name=ether5_wohn set [ find default-name=ether6 ] name=ether6_wap set [ find default-name=ether7 ] name=ether7_b1 set [ find default-name=ether8 ] name=ether8_kedc02 set [ find default-name=ether9 ] disabled=yes set [ find default-name=ether10 ] disabled=yes set [ find default-name=ether11 ] disabled=yes set [ find default-name=ether12 ] name=ether12_mteg set [ find default-name=ether13 ] name=ether13_buwap set [ find default-name=ether14 ] name=ether14_fw1_lan1 set [ find default-name=ether15 ] name=ether15_fw1_lan2 set [ find default-name=ether16 ] name=ether16_fw1_lan3 set [ find default-name=ether17 ] name=ether17_ohorst1 set [ find default-name=ether18 ] name=ether18_ohorst2 set [ find default-name=ether19 ] name=ether19_ohorstipmi set [ find default-name=ether20 ] name=ether20_horstipmi set [ find default-name=ether21 ] name=ether21_horst1 set [ find default-name=ether22 ] mac-address=64:D1:54:C5:AC:18 name=ether22_horst2 set [ find default-name=ether23 ] name=ether23_nas1 set [ find default-name=ether24 ] mac-address=64:D1:54:C5:AC:1A name=ether24_nas2 set [ find default-name=sfp-sfpplus1 ] name=sfp-sfpplus1-eg /interface vlan add interface=br_lan name=vlan1 vlan-id=1 add interface=br_lan name=vlan2 vlan-id=2 add interface=br_lan name=vlan4 vlan-id=4 add interface=br_lan name=vlan10 vlan-id=10 add interface=br_lan name=vlan42 vlan-id=42 add interface=br_lan name=vlan50 vlan-id=50 add interface=br_lan name=vlan51 vlan-id=51 add interface=br_lan name=vlan52 vlan-id=52 add interface=br_lan name=vlan60 vlan-id=60 add interface=br_lan name=vlan90 vlan-id=90 add interface=br_lan name=vlan99 vlan-id=99 /interface bonding add mode=802.3ad name=bond_horst slaves=ether21_horst1,ether22_horst2 add mode=802.3ad name=bond_nas slaves=ether23_nas1,ether24_nas2 /caps-man datapath add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_robert vlan-id=42 vlan-mode=use-tag add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=db_brigitte vlan-id=50 vlan-mode=use-tag add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_tobias vlan-id=51 vlan-mode=use-tag add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_teresa vlan-id=52 vlan-mode=use-tag add bridge=br_lan client-to-client-forwarding=no local-forwarding=no name=dp_gast vlan-id=99 vlan-mode=use-tag add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_radius vlan-mode=use-tag /caps-man rates add basic=12Mbps name=basic_rates_2 supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps add basic=24Mbps name=basic_rates_5 supported=24Mbps,36Mbps,48Mbps,54Mbps /caps-man security add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_robert passphrase=DasIstEinTest! add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_brigitte passphrase=aH4duhoo add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_tobias passphrase=eifohk5U add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_teresa passphrase=Em0aiLei add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_gast passphrase=aseeci9oQu8Ooru add authentication-types=wpa2-eap disable-pmkid=yes eap-methods=passthrough group-key-update=1h name=sec_radius /caps-man configuration add channel=chan_2 country=germany datapath=dp_robert mode=ap name=cfg_2_robert rates=basic_rates_2 security=sec_robert ssid=wifis.org/ke/robert add channel=chan_5 country=germany datapath=db_brigitte mode=ap name=cfg_5_brigitte rates=basic_rates_5 security=sec_brigitte ssid=wifis.org/ke/brigitte add channel=chan_2 country=germany datapath=dp_tobias mode=ap name=cfg_2_tobias rates=basic_rates_2 security=sec_tobias ssid=wifis.org/ke/tobias add channel=chan_2 country=germany datapath=dp_teresa mode=ap name=cfg_2_teresa rates=basic_rates_2 security=sec_teresa ssid=wifis.org/ke/teresa add channel=chan_2 country=germany datapath=dp_gast mode=ap name=cfg_2_gast rates=basic_rates_2 security=sec_gast ssid=wifis.org/ke/gast add channel=chan_2 country=germany datapath=dp_radius mode=ap name=cfg_2_radius rates=basic_rates_2 security=sec_radius ssid=wifis.org/ke/bertling add channel=chan_5 country=germany datapath=dp_radius mode=ap name=cfg_5_radius rates=basic_rates_5 security=sec_radius ssid=wifis.org/ke/bertling add channel=chan_2 country=germany datapath=db_brigitte mode=ap name=cfg_2_brigitte rates=basic_rates_2 security=sec_brigitte ssid=wifis.org/ke/brigitte add channel=chan_5 country=germany datapath=dp_gast mode=ap name=cfg_5_gast rates=basic_rates_5 security=sec_gast ssid=wifis.org/ke/gast add channel=chan_5 country=germany datapath=dp_robert mode=ap name=cfg_5_robert rates=basic_rates_5 security=sec_robert ssid=wifis.org/ke/robert add channel=chan_5 country=germany datapath=dp_teresa mode=ap name=cfg_5_teresa rates=basic_rates_5 security=sec_teresa ssid=wifis.org/ke/teresa add channel=chan_5 country=germany datapath=dp_tobias mode=ap name=cfg_5_tobias rates=basic_rates_5 security=sec_tobias ssid=wifis.org/ke/tobias /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot /ip kid-control add disabled=yes fri="" mon="" name=teresa sat="" sun="" thu="" tue="" wed="" add disabled=yes fri="" mon="" name=tobias sat="" sun="" thu="" tue="" wed="" /snmp community set [ find default=yes ] read-access=no add addresses=172.24.0.0/16 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private /caps-man manager set enabled=yes upgrade-policy=suggest-same-version /caps-man manager interface set [ find default=yes ] forbid=yes add disabled=no interface=vlan42 add disabled=no interface=vlan1 /caps-man provisioning add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=cfg_2_radius name-format=prefix-identity name-prefix=cap-2 slave-configurations=cfg_2_robert,cfg_2_brigitte,cfg_2_gast,cfg_2_teresa,cfg_2_tobias add action=create-dynamic-enabled hw-supported-modes=ac,an master-configuration=cfg_5_radius name-format=prefix-identity name-prefix=cap-5 slave-configurations=cfg_5_robert,cfg_5_brigitte,cfg_5_gast,cfg_5_teresa,cfg_5_tobias /interface bridge port add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether1_og add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether2_dg add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether3_prn pvid=10 add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether4_kdg pvid=4 add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether5_wohn pvid=42 add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether6_wap add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether7_b1 add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether8_kedc02 pvid=10 add bridge=br_lan interface=ether9 add bridge=br_lan interface=ether10 add bridge=br_lan interface=ether11 add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether12_mteg pvid=42 add bridge=br_lan interface=ether13_buwap pvid=42 add bridge=br_lan interface=ether14_fw1_lan1 add bridge=br_lan interface=ether15_fw1_lan2 add bridge=br_lan interface=ether16_fw1_lan3 add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether17_ohorst1 add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether18_ohorst2 add bridge=br_lan interface=ether19_ohorstipmi add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether20_horstipmi add bridge=br_lan frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1-eg pvid=42 add bridge=br_lan interface=sfp-sfpplus2 add bridge=br_lan interface=bond_horst add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=bond_nas pvid=10 /interface bridge vlan add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" untagged=ether19_ohorstipmi,ether20_horstipmi vlan-ids=1 add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=2 add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" untagged=ether4_kdg vlan-ids=4 add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether17_ohorst1,ether18_ohorst2" untagged=bond_nas,ether3_prn,ether8_kedc02 vlan-ids=10 add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" untagged=ether5_wohn,ether13_buwap vlan-ids=42 add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=50 add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=51 add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=52 add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=60 add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether17_ohorst1,ether18_ohorst2" vlan-ids=90 add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether17_ohorst1,ether18_ohorst2" vlan-ids=99 add bridge=br_lan tagged=br_lan,bond_horst,ether17_ohorst1,ether18_ohorst2 vlan-ids=11 /ip address add address=172.24.1.97/24 interface=vlan1 network=172.24.1.0 add address=172.24.10.90/24 interface=vlan10 network=172.24.10.0 add address=172.24.42.90/24 interface=vlan42 network=172.24.42.0 add address=172.24.4.104/24 interface=vlan4 network=172.24.4.0 add address=172.24.42.1/24 disabled=yes interface=vlan42 network=172.24.42.0 add address=172.24.1.1/24 disabled=yes interface=vlan1 network=172.24.1.0 add address=172.24.10.1/24 disabled=yes interface=vlan10 network=172.24.10.0 /ip dhcp-relay add dhcp-server=172.24.10.11,172.24.10.12 disabled=no interface=ether1_og name=relay_42 /ip dns set allow-remote-requests=yes servers=172.24.10.11,172.24.10.12 /ip kid-control device add mac-address=30:45:96:62:B6:46 name=teresa_handy user=teresa add mac-address=58:C5:CB:AB:13:39 name=tobias_handy user=tobias /ip route add distance=1 gateway=172.24.4.1 /ip service set telnet disabled=yes set ftp disabled=yes /ip ssh set forwarding-enabled=remote host-key-size=4096 strong-crypto=yes /radius add address=172.24.10.2 secret=asdfaodfadfzasdf33 service=wireless /snmp set contact=admin@einsle.de enabled=yes location=Kempten /system clock set time-zone-name=Europe/Berlin /system identity set name=mt-kg2 /system ntp client set enabled=yes primary-ntp=172.24.10.11 secondary-ntp=172.24.10.12 /system routerboard settings set boot-os=router-os /tool romon set enabled=yes id=B2:C1:51:48:4E:4F secrets=78f244b59c