# routerboard: yes # model: CRS109-8G-1S-2HnD # serial-number: 522D04EAB949 # firmware-type: ar9344 # factory-firmware: 3.19 # current-firmware: 6.46 # upgrade-firmware: 6.46 # # channel: stable # installed-version: 6.46 # # Flags: U - undoable, R - redoable, F - floating-undo # ACTION BY POLICY # # software id = A0ZE-2DFY # # model = CRS109-8G-1S-2HnD # serial number = 522D04EAB949 /interface bridge add name=br_lan protocol-mode=none vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] loop-protect=on name=eth1_kg rx-flow-control=auto tx-flow-control=auto set [ find default-name=ether2 ] loop-protect=on name=eth2_gamer42 rx-flow-control=auto tx-flow-control=auto set [ find default-name=ether3 ] loop-protect=on name=eth3_lappi42 rx-flow-control=auto tx-flow-control=auto set [ find default-name=ether4 ] loop-protect=on name=eth4_mawoh rx-flow-control=auto tx-flow-control=auto set [ find default-name=ether5 ] loop-protect=on name=eth5_gelb rx-flow-control=auto tx-flow-control=auto set [ find default-name=ether6 ] loop-protect=on name=eth6_rot rx-flow-control=auto tx-flow-control=auto set [ find default-name=ether7 ] loop-protect=on name=eth7_blau rx-flow-control=auto tx-flow-control=auto set [ find default-name=ether8 ] loop-protect=on name=eth8_weiss rx-flow-control=auto tx-flow-control=auto /interface wireless set [ find default-name=wlan1 ] ssid=MikroTik /interface vlan add interface=br_lan name=vlan1 vlan-id=1 add interface=br_lan name=vlan10 vlan-id=10 add interface=br_lan name=vlan42 vlan-id=42 /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /interface bridge port add bridge=br_lan interface=eth1_kg trusted=yes add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth2_gamer42 pvid=42 add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth3_lappi42 pvid=42 add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth4_mawoh pvid=42 add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth5_gelb pvid=42 add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth6_rot pvid=42 add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth7_blau pvid=42 add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth8_weiss pvid=42 add bridge=br_lan interface=vlan1 add bridge=br_lan interface=vlan10 pvid=10 add bridge=br_lan interface=vlan42 pvid=42 /interface bridge vlan add bridge=br_lan tagged=br_lan,eth1_kg,vlan42 untagged="eth2_gamer42,eth3_lappi42,eth4_mawoh,eth5_gelb,eth6_rot,eth7_blau,eth8_weiss" vlan-ids=42 add bridge=br_lan tagged=br_lan,eth1_kg,vlan10 vlan-ids=10 add bridge=br_lan tagged=br_lan,eth1_kg,vlan1 vlan-ids=1 add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=50 add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=51 add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=52 add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=60 add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=90 add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=99 /ip address add address=172.24.1.94/24 interface=vlan1 network=172.24.1.0 add address=172.24.10.94/24 interface=vlan10 network=172.24.10.0 add address=172.24.42.94/24 interface=vlan42 network=172.24.42.0 /ip cloud set ddns-enabled=yes /ip dns set servers=172.24.10.11,172.24.10.12 /ip firewall filter add action=accept chain=input comment="allow established, related" connection-state=established,related add action=drop chain=input comment="drop invalid" connection-state=invalid add action=accept chain=forward comment="allow established, related" connection-state=established,related add action=drop chain=forward comment="drop invalid" connection-state=invalid /ip firewall service-port set tftp disabled=yes set irc disabled=yes set h323 disabled=yes set sip disabled=yes set pptp disabled=yes set udplite disabled=yes set dccp disabled=yes set sctp disabled=yes /ip route add distance=1 gateway=172.24.1.1 /ip service set telnet disabled=yes set ftp disabled=yes set www-ssl certificate=mt-bu.ke.einsle.de disabled=no set api disabled=yes set api-ssl disabled=yes /ip ssh set host-key-size=4096 strong-crypto=yes /ipv6 nd set [ find default=yes ] advertise-dns=no /lcd set enabled=no /lcd interface pages set 0 interfaces=wlan1 /system clock set time-zone-name=Europe/Berlin /system identity set name=mt-bu /system ntp client set enabled=yes primary-ntp=172.24.10.11 secondary-ntp=172.24.10.12 /tool bandwidth-server set enabled=no /tool graphing interface add store-on-disk=no /tool graphing queue add store-on-disk=no /tool graphing resource add store-on-disk=no /tool romon set enabled=yes id=4C:5E:0C:A4:9C:1D secrets=78f244b59c