# routerboard: yes # board-name: hEX # model: RouterBOARD 750G r3 # serial-number: 6F3806DF15CA # firmware-type: mt7621L # factory-firmware: 3.34 # current-firmware: 6.45.2 # upgrade-firmware: 6.45.2 # # channel: stable # installed-version: 6.45.2 # # Flags: U - undoable, R - redoable, F - floating-undo # ACTION BY POLICY # # software id = QCYC-SED2 # # model = RouterBOARD 750G r3 # serial number = 6F3806DF15CA /caps-man channel add band=5ghz-onlyac name=chan_ke_5 add band=2ghz-g/n name=chan_ke_2 /interface bridge add fast-forward=no name=br_brigitte protocol-mode=none add fast-forward=no name=br_gast protocol-mode=none add fast-forward=no name=br_lan protocol-mode=none add fast-forward=no name=br_lo protocol-mode=none add fast-forward=no name=br_mgmt protocol-mode=none add fast-forward=no name=br_robert protocol-mode=none add fast-forward=no name=br_server protocol-mode=none add fast-forward=no name=br_teresa protocol-mode=none add fast-forward=no name=br_test protocol-mode=none add fast-forward=no name=br_tobias protocol-mode=none add fast-forward=no name=br_voip protocol-mode=none /interface ethernet set [ find default-name=ether1 ] speed=100Mbps set [ find default-name=ether2 ] speed=100Mbps set [ find default-name=ether3 ] speed=100Mbps set [ find default-name=ether4 ] speed=100Mbps set [ find default-name=ether5 ] speed=100Mbps /interface vlan add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan1 vlan-id=1 add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan10 vlan-id=10 add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan42 vlan-id=42 add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan50 vlan-id=50 add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan51 vlan-id=51 add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan52 vlan-id=52 add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan60 vlan-id=60 add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan90 vlan-id=90 add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan99 vlan-id=99 /caps-man datapath add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_radius add bridge=br_robert client-to-client-forwarding=yes local-forwarding=no name=dp_robert add bridge=br_brigitte client-to-client-forwarding=yes local-forwarding=no name=dp_brigitte add bridge=br_tobias client-to-client-forwarding=yes local-forwarding=no name=dp_tobias add bridge=br_teresa client-to-client-forwarding=yes local-forwarding=no name=dp_teresa add bridge=br_gast client-to-client-forwarding=no local-forwarding=no name=dp_gast /caps-man rates add basic=12Mbps name=rates supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps /caps-man security add authentication-types=wpa2-eap eap-methods=passthrough encryption=aes-ccm group-encryption=aes-ccm name=sec_radius add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_robert passphrase=DasIstEinTest! add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_brigitte passphrase=aH4duhoo add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_tobias passphrase=eifohk5U add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_teresa passphrase=Em0aiLei add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_gast passphrase=aseeci9oQu8Ooru /caps-man configuration add channel=chan_ke_5 country=germany datapath=dp_radius hide-ssid=no mode=ap name=cfg_5_radius rates=rates security=sec_radius ssid=wifis.org/ke/bertling add channel=chan_ke_5 datapath=dp_robert name=cfg_5_robert rates=rates security=sec_robert ssid=wifis.org/ke/robert add channel=chan_ke_5 datapath=dp_brigitte name=cfg_5_brigitte rates=rates security=sec_brigitte ssid=wifis.org/ke/brigitte add channel=chan_ke_5 datapath=dp_tobias name=cfg_5_tobias rates=rates security=sec_tobias ssid=wifis.org/ke/tobias add channel=chan_ke_5 datapath=dp_teresa name=cfg_5_teresa rates=rates security=sec_teresa ssid=wifis.org/ke/teresa add channel=chan_ke_5 datapath=dp_gast name=cfg_5_gast rates=rates security=sec_gast ssid=wifis.org/ke/gast add channel=chan_ke_2 country=germany datapath=dp_radius hide-ssid=no mode=ap name=cfg_2_radius rates=rates security=sec_radius ssid=wifis.org/ke/bertling add channel=chan_ke_2 datapath=dp_brigitte name=cfg_2_brigitte rates=rates security=sec_brigitte ssid=wifis.org/ke/brigitte add channel=chan_ke_2 datapath=dp_gast name=cfg_2_gast rates=rates security=sec_gast ssid=wifis.org/ke/gast add channel=chan_ke_2 datapath=dp_robert name=cfg_2_robert rates=rates security=sec_robert ssid=wifis.org/ke/robert add channel=chan_ke_2 datapath=dp_teresa name=cfg_2_teresa rates=rates security=sec_teresa ssid=wifis.org/ke/teresa add channel=chan_ke_2 datapath=dp_tobias name=cfg_2_tobias rates=rates security=sec_tobias ssid=wifis.org/ke/tobias /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot /ip pool add name=pool_robert ranges=172.24.42.110-172.24.42.200 add name=pool_brigitte ranges=172.24.50.110-172.24.50.200 add name=pool_tobias ranges=172.24.51.110-172.24.51.200 add name=pool_teresa ranges=172.24.52.110-172.24.52.200 /ip dhcp-server add address-pool=pool_robert authoritative=after-2sec-delay interface=br_robert name=dhcp_robert add address-pool=pool_brigitte authoritative=after-2sec-delay interface=br_brigitte name=dhcp_brigitte add address-pool=pool_tobias authoritative=after-2sec-delay interface=br_tobias name=dhcp_tobias add address-pool=pool_teresa authoritative=after-2sec-delay interface=br_teresa name=dhcp_teresa /routing bgp instance set default as=65000 client-to-client-reflection=no router-id=172.24.255.89 /routing ospf instance set [ find default=yes ] redistribute-connected=as-type-1 router-id=172.24.255.89 /snmp community set [ find default=yes ] addresses=172.24.1.0/24,172.24.10.0/24 authentication-protocol=SHA1 encryption-protocol=AES name=jie6Wao5weeSahs add addresses=172.24.1.0/24,172.24.10.0/24 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private add addresses=172.24.10.0/24 name=public /caps-man manager set ca-certificate=auto certificate=mt-dude.ke.einsle.de enabled=yes upgrade-policy=suggest-same-version /caps-man provisioning add action=create-dynamic-enabled hw-supported-modes=ac,an master-configuration=cfg_5_radius name-format=prefix-identity name-prefix=cap-5- slave-configurations=cfg_5_robert,cfg_5_brigitte,cfg_5_tobias,cfg_5_teresa,cfg_5_gast add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=cfg_2_radius name-format=prefix-identity name-prefix=cap-2- slave-configurations=cfg_2_robert,cfg_2_brigitte,cfg_2_tobias,cfg_2_teresa,cfg_2_gast /dude set data-directory=disk1 enabled=yes /interface bridge port add bridge=br_mgmt interface=vlan1 add bridge=br_server interface=vlan10 add bridge=br_robert interface=vlan42 add bridge=br_brigitte interface=vlan50 add bridge=br_tobias interface=vlan51 add bridge=br_teresa interface=vlan52 add bridge=br_voip interface=vlan60 add bridge=br_test interface=vlan90 add bridge=br_gast interface=vlan99 add bridge=br_lan interface=ether1 /interface ethernet switch vlan add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=1 add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=10 add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=42 add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=50 add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=51 add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=52 add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=60 add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=90 add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=99 /ip address add address=172.24.42.89/24 interface=br_robert network=172.24.42.0 add address=172.24.1.89/24 interface=br_mgmt network=172.24.1.0 add address=172.24.10.89/24 interface=br_server network=172.24.10.0 add address=172.24.52.89/24 interface=br_teresa network=172.24.52.0 add address=172.24.50.89/24 interface=br_brigitte network=172.24.50.0 add address=172.24.51.89/24 interface=br_tobias network=172.24.51.0 add address=172.24.255.89 interface=br_lo network=172.24.255.89 add address=172.24.0.26/30 interface=ether1 network=172.24.0.24 add address=172.24.60.89/24 interface=br_voip network=172.24.60.0 /ip dhcp-server network add address=172.24.42.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.42.2 netmask=24 add address=172.24.50.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.50.2 netmask=24 add address=172.24.51.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.51.2 netmask=24 add address=172.24.52.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.52.2 netmask=24 /ip dns set servers=172.24.10.11,172.24.10.12 /ip route add distance=1 gateway=172.24.1.1 /ip smb shares set [ find default=yes ] directory=/pub /ip ssh set allow-none-crypto=yes forwarding-enabled=remote /mpls ldp set lsr-id=172.24.255.89 transport-address=172.24.255.89 /mpls ldp interface add disabled=yes interface=ether1 /radius add address=172.24.10.25 disabled=yes domain=wlan.ke.einsle.de secret=zu6OhMe8ien5 service=wireless timeout=1s add address=172.24.42.109 domain=ke.einsle.de secret=ni.xd.ol service=wireless timeout=1s /routing bgp peer add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 name=mt-kg remote-address=172.24.255.91 remote-as=65000 ttl=default update-source=br_lo /routing ospf network add area=backbone network=172.24.255.89/32 add area=backbone network=172.24.0.24/30 add area=backbone network=172.24.1.0/24 /snmp set contact="Robert Einsle " enabled=yes location="Kempten, Keller" /system clock set time-zone-name=Europe/Berlin /system identity set name=mt-dude /system ntp client set enabled=yes primary-ntp=172.24.10.13 secondary-ntp=172.24.10.12 /system resource irq rps set ether1 disabled=no set ether2 disabled=no set ether3 disabled=no set ether4 disabled=no set ether5 disabled=no /system scheduler add interval=1d name=backup on-event="/system backup save name=mt-dude" policy=write start-date=oct/02/2017 start-time=00:00:00 /tool romon set enabled=yes id=6C:3B:6B:88:34:48 secrets=78f244b59c