184 lines
11 KiB
Plaintext
184 lines
11 KiB
Plaintext
# routerboard: yes
|
|
# board-name: hEX
|
|
# model: RouterBOARD 750G r3
|
|
# serial-number: 6F3806DF15CA
|
|
# firmware-type: mt7621L
|
|
# factory-firmware: 3.34
|
|
# current-firmware: 6.45.3
|
|
# upgrade-firmware: 6.45.3
|
|
#
|
|
# channel: stable
|
|
# installed-version: 6.45.3
|
|
#
|
|
# Flags: U - undoable, R - redoable, F - floating-undo
|
|
# ACTION BY POLICY
|
|
#
|
|
# software id = QCYC-SED2
|
|
#
|
|
# model = RouterBOARD 750G r3
|
|
# serial number = 6F3806DF15CA
|
|
/caps-man channel
|
|
add band=5ghz-onlyac name=chan_ke_5
|
|
add band=2ghz-g/n name=chan_ke_2
|
|
/interface bridge
|
|
add fast-forward=no name=br_brigitte protocol-mode=none
|
|
add fast-forward=no name=br_gast protocol-mode=none
|
|
add fast-forward=no name=br_lan protocol-mode=none
|
|
add fast-forward=no name=br_lo protocol-mode=none
|
|
add fast-forward=no name=br_mgmt protocol-mode=none
|
|
add fast-forward=no name=br_robert protocol-mode=none
|
|
add fast-forward=no name=br_server protocol-mode=none
|
|
add fast-forward=no name=br_teresa protocol-mode=none
|
|
add fast-forward=no name=br_test protocol-mode=none
|
|
add fast-forward=no name=br_tobias protocol-mode=none
|
|
add fast-forward=no name=br_voip protocol-mode=none
|
|
/interface ethernet
|
|
set [ find default-name=ether1 ] speed=100Mbps
|
|
set [ find default-name=ether2 ] speed=100Mbps
|
|
set [ find default-name=ether3 ] speed=100Mbps
|
|
set [ find default-name=ether4 ] speed=100Mbps
|
|
set [ find default-name=ether5 ] speed=100Mbps
|
|
/interface vlan
|
|
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan1 vlan-id=1
|
|
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan10 vlan-id=10
|
|
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan42 vlan-id=42
|
|
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan50 vlan-id=50
|
|
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan51 vlan-id=51
|
|
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan52 vlan-id=52
|
|
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan60 vlan-id=60
|
|
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan90 vlan-id=90
|
|
add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan99 vlan-id=99
|
|
/caps-man datapath
|
|
add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_radius
|
|
add bridge=br_robert client-to-client-forwarding=yes local-forwarding=no name=dp_robert
|
|
add bridge=br_brigitte client-to-client-forwarding=yes local-forwarding=no name=dp_brigitte
|
|
add bridge=br_tobias client-to-client-forwarding=yes local-forwarding=no name=dp_tobias
|
|
add bridge=br_teresa client-to-client-forwarding=yes local-forwarding=no name=dp_teresa
|
|
add bridge=br_gast client-to-client-forwarding=no local-forwarding=no name=dp_gast
|
|
/caps-man rates
|
|
add basic=12Mbps name=rates supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
|
|
/caps-man security
|
|
add authentication-types=wpa2-eap eap-methods=passthrough encryption=aes-ccm group-encryption=aes-ccm name=sec_radius
|
|
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_robert passphrase=DasIstEinTest!
|
|
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_brigitte passphrase=aH4duhoo
|
|
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_tobias passphrase=eifohk5U
|
|
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_teresa passphrase=Em0aiLei
|
|
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_gast passphrase=aseeci9oQu8Ooru
|
|
/caps-man configuration
|
|
add channel=chan_ke_5 country=germany datapath=dp_radius hide-ssid=no mode=ap name=cfg_5_radius rates=rates security=sec_radius ssid=wifis.org/ke/bertling
|
|
add channel=chan_ke_5 datapath=dp_robert name=cfg_5_robert rates=rates security=sec_robert ssid=wifis.org/ke/robert
|
|
add channel=chan_ke_5 datapath=dp_brigitte name=cfg_5_brigitte rates=rates security=sec_brigitte ssid=wifis.org/ke/brigitte
|
|
add channel=chan_ke_5 datapath=dp_tobias name=cfg_5_tobias rates=rates security=sec_tobias ssid=wifis.org/ke/tobias
|
|
add channel=chan_ke_5 datapath=dp_teresa name=cfg_5_teresa rates=rates security=sec_teresa ssid=wifis.org/ke/teresa
|
|
add channel=chan_ke_5 datapath=dp_gast name=cfg_5_gast rates=rates security=sec_gast ssid=wifis.org/ke/gast
|
|
add channel=chan_ke_2 country=germany datapath=dp_radius hide-ssid=no mode=ap name=cfg_2_radius rates=rates security=sec_radius ssid=wifis.org/ke/bertling
|
|
add channel=chan_ke_2 datapath=dp_brigitte name=cfg_2_brigitte rates=rates security=sec_brigitte ssid=wifis.org/ke/brigitte
|
|
add channel=chan_ke_2 datapath=dp_gast name=cfg_2_gast rates=rates security=sec_gast ssid=wifis.org/ke/gast
|
|
add channel=chan_ke_2 datapath=dp_robert name=cfg_2_robert rates=rates security=sec_robert ssid=wifis.org/ke/robert
|
|
add channel=chan_ke_2 datapath=dp_teresa name=cfg_2_teresa rates=rates security=sec_teresa ssid=wifis.org/ke/teresa
|
|
add channel=chan_ke_2 datapath=dp_tobias name=cfg_2_tobias rates=rates security=sec_tobias ssid=wifis.org/ke/tobias
|
|
/interface wireless security-profiles
|
|
set [ find default=yes ] supplicant-identity=MikroTik
|
|
/ip hotspot profile
|
|
set [ find default=yes ] html-directory=flash/hotspot
|
|
/ip pool
|
|
add name=pool_robert ranges=172.24.42.110-172.24.42.200
|
|
add name=pool_brigitte ranges=172.24.50.110-172.24.50.200
|
|
add name=pool_tobias ranges=172.24.51.110-172.24.51.200
|
|
add name=pool_teresa ranges=172.24.52.110-172.24.52.200
|
|
/ip dhcp-server
|
|
add address-pool=pool_robert authoritative=after-2sec-delay interface=br_robert name=dhcp_robert
|
|
add address-pool=pool_brigitte authoritative=after-2sec-delay interface=br_brigitte name=dhcp_brigitte
|
|
add address-pool=pool_tobias authoritative=after-2sec-delay interface=br_tobias name=dhcp_tobias
|
|
add address-pool=pool_teresa authoritative=after-2sec-delay interface=br_teresa name=dhcp_teresa
|
|
/routing bgp instance
|
|
set default as=65000 client-to-client-reflection=no router-id=172.24.255.89
|
|
/routing ospf instance
|
|
set [ find default=yes ] redistribute-connected=as-type-1 router-id=172.24.255.89
|
|
/snmp community
|
|
set [ find default=yes ] addresses=172.24.1.0/24,172.24.10.0/24 authentication-protocol=SHA1 encryption-protocol=AES name=jie6Wao5weeSahs
|
|
add addresses=172.24.1.0/24,172.24.10.0/24 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private
|
|
add addresses=172.24.10.0/24 name=public
|
|
/caps-man manager
|
|
set ca-certificate=auto certificate=mt-dude.ke.einsle.de enabled=yes upgrade-policy=suggest-same-version
|
|
/caps-man provisioning
|
|
add action=create-dynamic-enabled hw-supported-modes=ac,an master-configuration=cfg_5_radius name-format=prefix-identity name-prefix=cap-5- slave-configurations=cfg_5_robert,cfg_5_brigitte,cfg_5_tobias,cfg_5_teresa,cfg_5_gast
|
|
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=cfg_2_radius name-format=prefix-identity name-prefix=cap-2- slave-configurations=cfg_2_robert,cfg_2_brigitte,cfg_2_tobias,cfg_2_teresa,cfg_2_gast
|
|
/dude
|
|
set data-directory=disk1 enabled=yes
|
|
/interface bridge port
|
|
add bridge=br_mgmt interface=vlan1
|
|
add bridge=br_server interface=vlan10
|
|
add bridge=br_robert interface=vlan42
|
|
add bridge=br_brigitte interface=vlan50
|
|
add bridge=br_tobias interface=vlan51
|
|
add bridge=br_teresa interface=vlan52
|
|
add bridge=br_voip interface=vlan60
|
|
add bridge=br_test interface=vlan90
|
|
add bridge=br_gast interface=vlan99
|
|
add bridge=br_lan interface=ether1
|
|
/interface ethernet switch vlan
|
|
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=1
|
|
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=10
|
|
add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=42
|
|
add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=50
|
|
add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=51
|
|
add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=52
|
|
add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=60
|
|
add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=90
|
|
add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=99
|
|
/ip address
|
|
add address=172.24.42.89/24 interface=br_robert network=172.24.42.0
|
|
add address=172.24.1.89/24 interface=br_mgmt network=172.24.1.0
|
|
add address=172.24.10.89/24 interface=br_server network=172.24.10.0
|
|
add address=172.24.52.89/24 interface=br_teresa network=172.24.52.0
|
|
add address=172.24.50.89/24 interface=br_brigitte network=172.24.50.0
|
|
add address=172.24.51.89/24 interface=br_tobias network=172.24.51.0
|
|
add address=172.24.255.89 interface=br_lo network=172.24.255.89
|
|
add address=172.24.0.26/30 interface=ether1 network=172.24.0.24
|
|
add address=172.24.60.89/24 interface=br_voip network=172.24.60.0
|
|
/ip dhcp-server network
|
|
add address=172.24.42.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.42.2 netmask=24
|
|
add address=172.24.50.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.50.2 netmask=24
|
|
add address=172.24.51.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.51.2 netmask=24
|
|
add address=172.24.52.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.52.2 netmask=24
|
|
/ip dns
|
|
set servers=172.24.10.11,172.24.10.12
|
|
/ip route
|
|
add distance=1 gateway=172.24.1.1
|
|
/ip smb shares
|
|
set [ find default=yes ] directory=/pub
|
|
/ip ssh
|
|
set allow-none-crypto=yes forwarding-enabled=remote
|
|
/mpls ldp
|
|
set lsr-id=172.24.255.89 transport-address=172.24.255.89
|
|
/mpls ldp interface
|
|
add disabled=yes interface=ether1
|
|
/radius
|
|
add address=172.24.10.25 disabled=yes domain=wlan.ke.einsle.de secret=zu6OhMe8ien5 service=wireless timeout=1s
|
|
add address=172.24.42.109 domain=ke.einsle.de secret=ni.xd.ol service=wireless timeout=1s
|
|
/routing bgp peer
|
|
add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 name=mt-kg remote-address=172.24.255.91 remote-as=65000 ttl=default update-source=br_lo
|
|
/routing ospf network
|
|
add area=backbone network=172.24.255.89/32
|
|
add area=backbone network=172.24.0.24/30
|
|
add area=backbone network=172.24.1.0/24
|
|
/snmp
|
|
set contact="Robert Einsle <robert@einsle.de>" enabled=yes location="Kempten, Keller"
|
|
/system clock
|
|
set time-zone-name=Europe/Berlin
|
|
/system identity
|
|
set name=mt-dude
|
|
/system ntp client
|
|
set enabled=yes primary-ntp=172.24.10.13 secondary-ntp=172.24.10.12
|
|
/system resource irq rps
|
|
set ether1 disabled=no
|
|
set ether2 disabled=no
|
|
set ether3 disabled=no
|
|
set ether4 disabled=no
|
|
set ether5 disabled=no
|
|
/system scheduler
|
|
add interval=1d name=backup on-event="/system backup save name=mt-dude" policy=write start-date=oct/02/2017 start-time=00:00:00
|
|
/tool romon
|
|
set enabled=yes id=6C:3B:6B:88:34:48 secrets=78f244b59c
|