120 lines
5.5 KiB
Plaintext
120 lines
5.5 KiB
Plaintext
# routerboard: yes
|
|
# model: CRS109-8G-1S-2HnD
|
|
# serial-number: 522D04EAB949
|
|
# firmware-type: ar9344
|
|
# factory-firmware: 3.19
|
|
# current-firmware: 6.45.7
|
|
# upgrade-firmware: 6.45.7
|
|
#
|
|
# channel: stable
|
|
# installed-version: 6.45.7
|
|
#
|
|
# Flags: U - undoable, R - redoable, F - floating-undo
|
|
# ACTION BY POLICY
|
|
# U service port changed admin write
|
|
# U service port changed admin write
|
|
# U service port changed admin write
|
|
# U service port changed admin write
|
|
# U service port changed admin write
|
|
# U service port changed admin write
|
|
# U service port changed admin write
|
|
# U service port changed admin write
|
|
#
|
|
# software id = A0ZE-2DFY
|
|
#
|
|
# model = CRS109-8G-1S-2HnD
|
|
# serial number = 522D04EAB949
|
|
/interface bridge
|
|
add name=br_lan protocol-mode=none vlan-filtering=yes
|
|
/interface ethernet
|
|
set [ find default-name=ether1 ] loop-protect=on name=eth1_kg rx-flow-control=auto tx-flow-control=auto
|
|
set [ find default-name=ether2 ] loop-protect=on name=eth2_gamer42 rx-flow-control=auto tx-flow-control=auto
|
|
set [ find default-name=ether3 ] loop-protect=on name=eth3_lappi42 rx-flow-control=auto tx-flow-control=auto
|
|
set [ find default-name=ether4 ] loop-protect=on name=eth4_mawoh rx-flow-control=auto tx-flow-control=auto
|
|
set [ find default-name=ether5 ] loop-protect=on name=eth5_gelb rx-flow-control=auto tx-flow-control=auto
|
|
set [ find default-name=ether6 ] loop-protect=on name=eth6_rot rx-flow-control=auto tx-flow-control=auto
|
|
set [ find default-name=ether7 ] loop-protect=on name=eth7_blau rx-flow-control=auto tx-flow-control=auto
|
|
set [ find default-name=ether8 ] loop-protect=on name=eth8_weiss rx-flow-control=auto tx-flow-control=auto
|
|
/interface wireless
|
|
set [ find default-name=wlan1 ] ssid=MikroTik
|
|
/interface vlan
|
|
add interface=br_lan name=vlan1 vlan-id=1
|
|
add interface=br_lan name=vlan10 vlan-id=10
|
|
add interface=br_lan name=vlan42 vlan-id=42
|
|
/interface wireless security-profiles
|
|
set [ find default=yes ] supplicant-identity=MikroTik
|
|
/interface bridge port
|
|
add bridge=br_lan interface=eth1_kg trusted=yes
|
|
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth2_gamer42 pvid=42
|
|
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth3_lappi42 pvid=42
|
|
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth4_mawoh pvid=42
|
|
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth5_gelb pvid=42
|
|
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth6_rot pvid=42
|
|
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth7_blau pvid=42
|
|
add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=eth8_weiss pvid=42
|
|
add bridge=br_lan interface=vlan1
|
|
add bridge=br_lan interface=vlan10 pvid=10
|
|
add bridge=br_lan interface=vlan42 pvid=42
|
|
/interface bridge vlan
|
|
add bridge=br_lan tagged=br_lan,eth1_kg,vlan42 untagged="eth2_gamer42,eth3_lappi42,eth4_mawoh,eth5_gelb,eth6_rot,eth7_blau,eth8_weiss" vlan-ids=42
|
|
add bridge=br_lan tagged=br_lan,eth1_kg,vlan10 vlan-ids=10
|
|
add bridge=br_lan tagged=br_lan,eth1_kg,vlan1 vlan-ids=1
|
|
add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=50
|
|
add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=51
|
|
add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=52
|
|
add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=60
|
|
add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=90
|
|
add bridge=br_lan tagged=br_lan,eth1_kg vlan-ids=99
|
|
/ip address
|
|
add address=172.24.1.94/24 interface=vlan1 network=172.24.1.0
|
|
add address=172.24.10.94/24 interface=vlan10 network=172.24.10.0
|
|
add address=172.24.42.94/24 interface=vlan42 network=172.24.42.0
|
|
/ip cloud
|
|
set ddns-enabled=yes
|
|
/ip dns
|
|
set servers=172.24.10.11,172.24.10.12
|
|
/ip firewall filter
|
|
add action=accept chain=input comment="allow established, related" connection-state=established,related
|
|
add action=drop chain=input comment="drop invalid" connection-state=invalid
|
|
add action=accept chain=forward comment="allow established, related" connection-state=established,related
|
|
add action=drop chain=forward comment="drop invalid" connection-state=invalid
|
|
/ip firewall service-port
|
|
set tftp disabled=yes
|
|
set irc disabled=yes
|
|
set h323 disabled=yes
|
|
set sip disabled=yes
|
|
set pptp disabled=yes
|
|
set udplite disabled=yes
|
|
set dccp disabled=yes
|
|
set sctp disabled=yes
|
|
/ip route
|
|
add distance=1 gateway=172.24.1.1
|
|
/ip service
|
|
set telnet disabled=yes
|
|
set ftp disabled=yes
|
|
set www-ssl certificate=mt-bu.ke.einsle.de disabled=no
|
|
set api disabled=yes
|
|
set api-ssl disabled=yes
|
|
/ip ssh
|
|
set host-key-size=4096 strong-crypto=yes
|
|
/lcd
|
|
set enabled=no
|
|
/lcd interface pages
|
|
set 0 interfaces=wlan1
|
|
/system clock
|
|
set time-zone-name=Europe/Berlin
|
|
/system identity
|
|
set name=mt-bu
|
|
/system ntp client
|
|
set enabled=yes primary-ntp=172.24.10.11 secondary-ntp=172.24.10.12
|
|
/tool bandwidth-server
|
|
set enabled=no
|
|
/tool graphing interface
|
|
add store-on-disk=no
|
|
/tool graphing queue
|
|
add store-on-disk=no
|
|
/tool graphing resource
|
|
add store-on-disk=no
|
|
/tool romon
|
|
set enabled=yes id=4C:5E:0C:A4:9C:1D secrets=78f244b59c
|