config/mikrotik/mt-kg2.ke.einsle.de
# routerboard: yes
# model: CRS326-24G-2S+
# serial-number: 763C07D3969D
# firmware-type: dx3230L
# factory-firmware: 3.37
# current-firmware: 6.45.3
# upgrade-firmware: 6.45.3
#
# channel: stable
# installed-version: 6.45.3
#
# Flags: U - undoable, R - redoable, F - floating-undo
# ACTION BY POLICY
#
# software id = NK6R-LJLR
#
# model = CRS326-24G-2S+
# serial number = 763C07D3969D
# CAPsMAN channel templates: one fixed 20 MHz channel per band, each with an
# explicit tx-power. The /caps-man configuration entries reference them by name.
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2412 name=chan_2 tx-power=10
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5180 name=chan_5 tx-power=20
# One VLAN-aware bridge for the whole switch. vlan-filtering=yes makes the
# /interface bridge vlan table decide which port may carry which VLAN.
# protocol-mode=none turns (R)STP off on this bridge, so nothing here blocks a
# layer-2 loop. NOTE(review): confirm the three fw1 links and the ohorst links
# cannot form a loop on the far side.
/interface bridge
add name=br_lan protocol-mode=none vlan-filtering=yes
# Ports are renamed after the attached device or location so later sections
# read by role instead of by port number.
/interface ethernet
set [ find default-name=ether1 ] name=ether1_og
set [ find default-name=ether2 ] name=ether2_dg
set [ find default-name=ether3 ] name=ether3_prn
set [ find default-name=ether4 ] name=ether4_kdg
set [ find default-name=ether5 ] name=ether5_wohn
set [ find default-name=ether6 ] name=ether6_wap
set [ find default-name=ether7 ] name=ether7_b1
set [ find default-name=ether8 ] name=ether8_kedc02
# ether9-11 are administratively disabled; keeping unused ports shut prevents
# an unplanned device from getting link on them.
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
set [ find default-name=ether11 ] disabled=yes
set [ find default-name=ether12 ] name=ether12_mteg
set [ find default-name=ether13 ] name=ether13_buwap
set [ find default-name=ether14 ] name=ether14_fw1_lan1
set [ find default-name=ether15 ] name=ether15_fw1_lan2
set [ find default-name=ether16 ] name=ether16_fw1_lan3
set [ find default-name=ether17 ] name=ether17_ohorst1
set [ find default-name=ether18 ] name=ether18_ohorst2
set [ find default-name=ether19 ] name=ether19_ohorstipmi
set [ find default-name=ether20 ] name=ether20_horstipmi
set [ find default-name=ether21 ] name=ether21_horst1
# ether22 and ether24 carry an explicit mac-address; both are the second member
# of an 802.3ad bond defined under /interface bonding.
set [ find default-name=ether22 ] mac-address=64:D1:54:C5:AC:18 name=ether22_horst2
set [ find default-name=ether23 ] name=ether23_nas1
set [ find default-name=ether24 ] mac-address=64:D1:54:C5:AC:1A name=ether24_nas2
set [ find default-name=sfp-sfpplus1 ] name=sfp-sfpplus1-eg
# VLAN sub-interfaces on the bridge give the switch CPU a presence in each
# listed VLAN. Only vlan1, vlan4, vlan10 and vlan42 get an IP address under
# /ip address; the others (2, 50, 51, 52, 60, 90, 99) exist at layer 2 only.
# NOTE(review): vlan99 is the VLAN of the guest datapath (dp_gast). This export
# contains no /tool mac-server or /ip neighbor discovery-settings lines, so
# those layer-2 management services are presumably at their defaults. Confirm
# they are limited to a management interface list, or drop the sub-interfaces
# the switch does not need.
/interface vlan
add interface=br_lan name=vlan1 vlan-id=1
add interface=br_lan name=vlan2 vlan-id=2
add interface=br_lan name=vlan4 vlan-id=4
add interface=br_lan name=vlan10 vlan-id=10
add interface=br_lan name=vlan42 vlan-id=42
add interface=br_lan name=vlan50 vlan-id=50
add interface=br_lan name=vlan51 vlan-id=51
add interface=br_lan name=vlan52 vlan-id=52
add interface=br_lan name=vlan60 vlan-id=60
add interface=br_lan name=vlan90 vlan-id=90
add interface=br_lan name=vlan99 vlan-id=99
# Two LACP (802.3ad) bonds of two ports each; the bonds, not the member ports,
# are what gets added to the bridge.
/interface bonding
add mode=802.3ad name=bond_horst slaves=ether21_horst1,ether22_horst2
add mode=802.3ad name=bond_nas slaves=ether23_nas1,ether24_nas2
# CAPsMAN datapaths: local-forwarding=no sends all wireless client traffic
# through the manager, which bridges it into br_lan tagged with the datapath's
# vlan-id. Every WLAN therefore lands in its own VLAN on this switch.
/caps-man datapath
add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_robert vlan-id=42 vlan-mode=use-tag
# The "db_" prefix differs from the "dp_" used elsewhere; /caps-man configuration
# references this name, so any rename must change both places.
add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=db_brigitte vlan-id=50 vlan-mode=use-tag
add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_tobias vlan-id=51 vlan-mode=use-tag
add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_teresa vlan-id=52 vlan-mode=use-tag
# Guest datapath: the only one with client-to-client-forwarding=no, so guest
# stations cannot talk to each other through the AP. Isolation from the other
# VLANs must be enforced on the router/firewall, which is not part of this file.
add bridge=br_lan client-to-client-forwarding=no local-forwarding=no name=dp_gast vlan-id=99 vlan-mode=use-tag
# No vlan-id although vlan-mode=use-tag is set. Presumably the VLAN is assigned
# per client by the RADIUS server. TODO confirm, and confirm where a client
# ends up when RADIUS returns no VLAN attribute.
add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_radius vlan-mode=use-tag
# Rate sets: the lowest rates are left out of both bands (12 Mbps minimum on
# 2.4 GHz, 24 Mbps minimum on 5 GHz).
/caps-man rates
add basic=12Mbps name=basic_rates_2 supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
add basic=24Mbps name=basic_rates_5 supported=24Mbps,36Mbps,48Mbps,54Mbps
# WLAN security profiles.
# NOTE(review): the WPA2 passphrases below are stored in clear text in a file
# kept under version control. Anyone with read access to the repository or its
# history can join these networks. Treat the values as exposed: rotate them,
# and commit exports produced with "/export hide-sensitive" (RouterOS v6) so
# secrets stay out of the repository.
# Three of the passphrases are 8 characters, the minimum WPA2-PSK accepts;
# longer random passphrases resist offline guessing far better.
# disable-pmkid=yes keeps the PMKID out of the AP's first handshake frame.
# group-key-update=1h rotates the group key hourly.
/caps-man security
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_robert passphrase=DasIstEinTest!
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_brigitte passphrase=aH4duhoo
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_tobias passphrase=eifohk5U
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_teresa passphrase=Em0aiLei
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_gast passphrase=aseeci9oQu8Ooru
# WPA2-Enterprise: eap-methods=passthrough hands authentication to the RADIUS
# server configured under /radius. Unlike the PSK profiles, this line does not
# set encryption or group-encryption. NOTE(review): confirm the effective
# ciphers are aes-ccm only.
add authentication-types=wpa2-eap disable-pmkid=yes eap-methods=passthrough group-key-update=1h name=sec_radius
# One CAPsMAN configuration per SSID and band, each combining a channel,
# datapath (VLAN), rate set and security profile. Every SSID exists twice
# (cfg_2_* on 2.4 GHz, cfg_5_* on 5 GHz) and both point at the same security
# profile and datapath, so a passphrase or VLAN change applies to both bands.
# The two cfg_*_radius entries (SSID wifis.org/ke/bertling) use the WPA2-EAP
# profile sec_radius; the rest use pre-shared keys.
/caps-man configuration
add channel=chan_2 country=germany datapath=dp_robert mode=ap name=cfg_2_robert rates=basic_rates_2 security=sec_robert ssid=wifis.org/ke/robert
add channel=chan_5 country=germany datapath=db_brigitte mode=ap name=cfg_5_brigitte rates=basic_rates_5 security=sec_brigitte ssid=wifis.org/ke/brigitte
add channel=chan_2 country=germany datapath=dp_tobias mode=ap name=cfg_2_tobias rates=basic_rates_2 security=sec_tobias ssid=wifis.org/ke/tobias
add channel=chan_2 country=germany datapath=dp_teresa mode=ap name=cfg_2_teresa rates=basic_rates_2 security=sec_teresa ssid=wifis.org/ke/teresa
add channel=chan_2 country=germany datapath=dp_gast mode=ap name=cfg_2_gast rates=basic_rates_2 security=sec_gast ssid=wifis.org/ke/gast
add channel=chan_2 country=germany datapath=dp_radius mode=ap name=cfg_2_radius rates=basic_rates_2 security=sec_radius ssid=wifis.org/ke/bertling
add channel=chan_5 country=germany datapath=dp_radius mode=ap name=cfg_5_radius rates=basic_rates_5 security=sec_radius ssid=wifis.org/ke/bertling
add channel=chan_2 country=germany datapath=db_brigitte mode=ap name=cfg_2_brigitte rates=basic_rates_2 security=sec_brigitte ssid=wifis.org/ke/brigitte
add channel=chan_5 country=germany datapath=dp_gast mode=ap name=cfg_5_gast rates=basic_rates_5 security=sec_gast ssid=wifis.org/ke/gast
add channel=chan_5 country=germany datapath=dp_robert mode=ap name=cfg_5_robert rates=basic_rates_5 security=sec_robert ssid=wifis.org/ke/robert
add channel=chan_5 country=germany datapath=dp_teresa mode=ap name=cfg_5_teresa rates=basic_rates_5 security=sec_teresa ssid=wifis.org/ke/teresa
add channel=chan_5 country=germany datapath=dp_tobias mode=ap name=cfg_5_tobias rates=basic_rates_5 security=sec_tobias ssid=wifis.org/ke/tobias
# Default objects touched by the export; neither carries a secret.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# SNMP communities. The default community loses read access, so only the
# "monitor" entry can be used.
/snmp community
set [ find default=yes ] read-access=no
# security=private requires both authentication (SHA1) and encryption (AES).
# NOTE(review): authentication-password and encryption-password are the same
# value and are committed in clear text. Use two distinct secrets, rotate the
# exposed one, and export with "/export hide-sensitive" before committing.
# addresses=172.24.0.0/16 spans every 172.24.x.0/24 network addressed in this
# file; narrowing it to the monitoring host(s) would be tighter.
add addresses=172.24.0.0/16 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private
# CAPsMAN controller. No certificate, ca-certificate or
# require-peer-certificate is set in this export, so access points are
# presumably accepted without certificate authentication. TODO confirm, and
# consider enabling require-peer-certificate so that only enrolled CAPs can
# register.
/caps-man manager
set enabled=yes upgrade-policy=suggest-same-version
# The manager is forbidden on all interfaces by default, then allowed on vlan42
# and vlan1. NOTE(review): vlan42 is also the VLAN of the dp_robert WLAN and of
# untagged access ports (ether5_wohn, ether12_mteg, ether13_buwap), so ordinary
# clients share a segment with the controller. A dedicated management VLAN for
# CAP registration would separate the two.
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=vlan42
add disabled=no interface=vlan1
# Provisioning: any registering radio that matches hw-supported-modes
# automatically gets the RADIUS SSID as master plus all PSK SSIDs as slaves
# (action=create-dynamic-enabled). There is no per-CAP match (no radio-mac or
# identity filter), which is why CAP authentication matters here.
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=cfg_2_radius name-format=prefix-identity name-prefix=cap-2 slave-configurations=cfg_2_robert,cfg_2_brigitte,cfg_2_gast,cfg_2_teresa,cfg_2_tobias
add action=create-dynamic-enabled hw-supported-modes=ac,an master-configuration=cfg_5_radius name-format=prefix-identity name-prefix=cap-5 slave-configurations=cfg_5_robert,cfg_5_brigitte,cfg_5_gast,cfg_5_teresa,cfg_5_tobias
# Bridge port membership and ingress rules.
#   frame-types=admit-only-vlan-tagged                   -> trunk port, untagged frames dropped
#   frame-types=admit-only-untagged-and-priority-tagged  -> access port, frames placed in pvid
#   no frame-types                                       -> both tagged and untagged accepted
#   no pvid                                              -> pvid defaults to 1
# NOTE(review): no port sets ingress-filtering. On RouterOS v6 the default is
# understood to be "no", which means a port may inject frames tagged for a VLAN
# it is not a member of. Confirm, and consider ingress-filtering=yes on every
# port that has an explicit frame-types setting.
# NOTE(review): VLAN 1 carries the switch management address (vlan1) and both
# IPMI ports. Every port left at the default pvid with no frame-types puts
# untagged traffic into that VLAN; see the per-port notes below.
/interface bridge port
add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether1_og
add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether2_dg
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether3_prn pvid=10
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether4_kdg pvid=4
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether5_wohn pvid=42
add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether6_wap
add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether7_b1
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether8_kedc02 pvid=10
# Unused ports: disabled under /interface ethernet but still bridge members
# with default pvid and no frame-types. If one is ever re-enabled it comes up
# in VLAN 1; parking them in an unused VLAN would make that harmless.
add bridge=br_lan interface=ether9
add bridge=br_lan interface=ether10
add bridge=br_lan interface=ether11
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether12_mteg pvid=42
# pvid=42 but no frame-types, so tagged frames are accepted here as well.
add bridge=br_lan interface=ether13_buwap pvid=42
# Firewall uplinks: tagged members in the VLAN table, yet untagged frames are
# also accepted and fall into VLAN 1. Presumably these should be
# admit-only-vlan-tagged like the other trunks. TODO confirm.
add bridge=br_lan interface=ether14_fw1_lan1
add bridge=br_lan interface=ether15_fw1_lan2
add bridge=br_lan interface=ether16_fw1_lan3
add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether17_ohorst1
add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether18_ohorst2
# IPMI ports sit untagged in VLAN 1. ether19 has no frame-types while ether20
# is restricted to untagged frames; aligning ether19 with ether20 would be
# consistent.
add bridge=br_lan interface=ether19_ohorstipmi
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether20_horstipmi
# pvid has no effect on a port that only admits tagged frames.
add bridge=br_lan frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1-eg pvid=42
# sfp-sfpplus2 and bond_horst are tagged trunk members in the VLAN table but
# accept untagged frames too (no frame-types). Same question as for the
# firewall uplinks.
add bridge=br_lan interface=sfp-sfpplus2
add bridge=br_lan interface=bond_horst
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=bond_nas pvid=10
# Bridge VLAN table: with vlan-filtering=yes on br_lan, this is the list of
# ports on which each VLAN may leave the switch, tagged or untagged.
# br_lan itself is a tagged member of every VLAN; that is what lets the
# /interface vlan sub-interfaces (and so the switch CPU) see the VLAN.
# NOTE(review): this includes guest VLAN 99 and the client VLANs 50-52, where
# the switch has no IP address. Confirm CPU membership is really needed there;
# every VLAN the CPU sits in is a VLAN from which it can be reached at layer 2.
# Membership differences worth confirming as intentional:
#   - VLANs 10, 90 and 99 omit ether16_fw1_lan3, which the other trunk VLANs include.
#   - VLANs 2 and 4 omit ether1_og, ether2_dg, ether6_wap and ether7_b1.
#   - VLAN 11 has no matching /interface vlan entry and reaches only
#     bond_horst and the two ohorst ports.
/interface bridge vlan
# VLAN 1: management address of this switch plus both IPMI ports (untagged).
add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" untagged=ether19_ohorstipmi,ether20_horstipmi vlan-ids=1
add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=2
add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" untagged=ether4_kdg vlan-ids=4
# VLAN 10: NAS bond, printer port and kedc02 untagged; DNS, NTP, DHCP and
# RADIUS servers referenced elsewhere in this file live in 172.24.10.0/24.
add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether17_ohorst1,ether18_ohorst2" untagged=bond_nas,ether3_prn,ether8_kedc02 vlan-ids=10
add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" untagged=ether5_wohn,ether13_buwap vlan-ids=42
add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=50
add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=51
add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=52
add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=60
add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether17_ohorst1,ether18_ohorst2" vlan-ids=90
# VLAN 99: guest WLAN (datapath dp_gast).
add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether17_ohorst1,ether18_ohorst2" vlan-ids=99
add bridge=br_lan tagged=br_lan,bond_horst,ether17_ohorst1,ether18_ohorst2 vlan-ids=11
# The switch is addressable in four VLANs (1, 4, 10, 42). Every enabled
# management service answers on all four unless restricted; this export
# contains no /ip firewall section. NOTE(review): consider a single management
# address, or an input-chain filter limiting management to one subnet.
/ip address
add address=172.24.1.97/24 interface=vlan1 network=172.24.1.0
add address=172.24.10.90/24 interface=vlan10 network=172.24.10.0
add address=172.24.42.90/24 interface=vlan42 network=172.24.42.0
add address=172.24.4.104/24 interface=vlan4 network=172.24.4.0
# Disabled .1 addresses; presumably left over from a time this device acted as
# gateway. They stay inactive while disabled=yes.
add address=172.24.42.1/24 disabled=yes interface=vlan42 network=172.24.42.0
add address=172.24.1.1/24 disabled=yes interface=vlan1 network=172.24.1.0
add address=172.24.10.1/24 disabled=yes interface=vlan10 network=172.24.10.0
# NOTE(review): the relay is bound to ether1_og, which is a tagged-only bridge
# port, while its name suggests VLAN 42. Confirm the relay is attached to the
# intended interface and actually forwards requests.
/ip dhcp-relay
add dhcp-server=172.24.10.11,172.24.10.12 disabled=no interface=ether1_og name=relay_42
# allow-remote-requests=yes makes the switch answer DNS queries from any host
# that can reach one of its addresses. If clients are not meant to use the
# switch as a resolver, set it to "no"; otherwise restrict UDP/TCP 53 on the
# input chain to the intended subnets.
/ip dns
set allow-remote-requests=yes servers=172.24.10.11,172.24.10.12
# Default route via the VLAN 4 gateway.
/ip route
add distance=1 gateway=172.24.4.1
# Management services. Only telnet and ftp are disabled here. An export lists
# only non-default settings, so www, ssh, api, api-ssl and winbox presumably
# keep their defaults and have no address= restriction. Verify with
# "/ip service print", disable what is unused and set address= on the rest.
/ip service
set telnet disabled=yes
set ftp disabled=yes
# strong-crypto=yes and a 4096-bit host key harden SSH.
# forwarding-enabled=remote permits SSH remote port forwarding through the
# switch. NOTE(review): confirm this is needed; "no" is the safer setting on a
# device that sits in several VLANs.
/ip ssh
set forwarding-enabled=remote host-key-size=4096 strong-crypto=yes
# RADIUS client for the WPA2-EAP WLAN (service=wireless).
# NOTE(review): the shared secret is committed in clear text and looks
# hand-typed. Replace it with a long random value on both the switch and the
# RADIUS server, and export with "/export hide-sensitive" before committing.
/radius
add address=172.24.10.2 secret=asdfaodfadfzasdf33 service=wireless
# SNMP agent enabled; access is governed by the /snmp community entries.
/snmp
set contact=admin@einsle.de enabled=yes location=Kempten
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=mt-kg2
# Time comes from two internal servers in 172.24.10.0/24; accurate time is
# needed for meaningful log timestamps.
/system ntp client
set enabled=yes primary-ntp=172.24.10.11 secondary-ntp=172.24.10.12
/system routerboard settings
set boot-os=router-os
# RoMON provides layer-2 management reachability between RoMON-enabled devices.
# NOTE(review): the secret is short and committed in clear text; rotate it to a
# long random value. This export has no /tool romon port lines, so RoMON is
# presumably active on all interfaces. Confirm, and forbid it on every port
# that does not lead to another managed device.
/tool romon
set enabled=yes id=B2:C1:51:48:4E:4F secrets=78f244b59c