# oct/07/2019 16:47:08 by RouterOS 6.45.6 | |
# software id = Y05Z-6GZW | |
# | |
# model = RBD52G-5HacD2HnD | |
# serial number = B4A40A18B3AE | |
# CAPsMAN channel templates. The first two entries set only the band (no
# frequency); every other entry pins one centre frequency in MHz and is named
# after the band and channel number.
/caps-man channel | |
add band=2ghz-b/g/n name=channel_2.4_auto | |
add band=5ghz-a/n/ac name=channel_5_auto | |
add band=2ghz-b/g/n frequency=2462 name=channel_2.4_11 | |
add band=5ghz-a/n/ac frequency=5700 name=channel_5_140 | |
add band=2ghz-b/g/n frequency=2412 name=channel_2.4_1 | |
add band=2ghz-b/g/n frequency=2417 name=channel_2.4_2 | |
add band=2ghz-b/g/n frequency=2422 name=channel_2.4_3 | |
add band=2ghz-b/g/n frequency=2427 name=channel_2.4_4 | |
add band=2ghz-b/g/n frequency=2432 name=channel_2.4_5 | |
add band=2ghz-b/g/n frequency=2437 name=channel_2.4_6 | |
add band=2ghz-b/g/n frequency=2442 name=channel_2.4_7 | |
add band=2ghz-b/g/n frequency=2447 name=channel_2.4_8 | |
add band=2ghz-b/g/n frequency=2452 name=channel_2.4_9 | |
add band=2ghz-b/g/n frequency=2457 name=channel_2.4_10 | |
add band=2ghz-b/g/n frequency=2467 name=channel_2.4_12 | |
add band=5ghz-a/n/ac frequency=5180 name=channel_5_36 | |
add band=5ghz-a/n/ac frequency=5200 name=channel_5_40 | |
add band=5ghz-a/n/ac frequency=5220 name=channel_5_44 | |
add band=5ghz-a/n/ac frequency=5240 name=channel_5_48 | |
add band=5ghz-a/n/ac frequency=5260 name=channel_5_52 | |
add band=5ghz-a/n/ac frequency=5280 name=channel_5_56 | |
add band=5ghz-a/n/ac frequency=5300 name=channel_5_60 | |
add band=5ghz-a/n/ac frequency=5320 name=channel_5_64 | |
add band=5ghz-a/n/ac frequency=5500 name=channel_5_100 | |
add band=5ghz-a/n/ac frequency=5520 name=channel_5_104 | |
add band=5ghz-a/n/ac frequency=5540 name=channel_5_108 | |
add band=5ghz-a/n/ac frequency=5560 name=channel_5_112 | |
add band=5ghz-a/n/ac frequency=5580 name=channel_5_116 | |
add band=5ghz-a/n/ac frequency=5600 name=channel_5_120 | |
add band=5ghz-a/n/ac frequency=5620 name=channel_5_124 | |
add band=5ghz-a/n/ac frequency=5640 name=channel_5_128 | |
add band=5ghz-a/n/ac frequency=5660 name=channel_5_132 | |
add band=5ghz-a/n/ac frequency=5680 name=channel_5_136 | |
# NOTE(review): name=channel_5_140 (5700 MHz) already appears earlier in this
# section with the same values; the second entry looks redundant -- confirm
# and keep only one.
add band=5ghz-a/n/ac frequency=5700 name=channel_5_140 | |
add band=5ghz-a/n/ac frequency=5745 name=channel_5_149 | |
add band=5ghz-a/n/ac frequency=5765 name=channel_5_153 | |
add band=5ghz-a/n/ac frequency=5785 name=channel_5_157 | |
add band=5ghz-a/n/ac frequency=5805 name=channel_5_161 | |
add band=5ghz-a/n/ac frequency=5825 name=channel_5_165 | |
# LAN bridge with a fixed admin MAC (auto-mac=no).
# NOTE(review): arp=proxy-arp makes the router answer ARP requests on behalf
# of other hosts. Presumably it is set because L2TP clients are addressed from
# the LAN subnet (pool "vpn" in /ip pool) -- confirm it is still required.
/interface bridge | |
add admin-mac=74:4D:28:7E:90:5C arp=proxy-arp auto-mac=no comment=defconf \ | |
name=bridge | |
# Outbound L2TP tunnel "vpn_DC" with IPsec enabled. The peer address is
# redacted (x.x.x.x) and no password or IPsec secret appears in this listing.
# NOTE(review): allow= still offers chap and mschap1 next to mschap2. If the
# remote server supports it, allowing only mschap2 removes the fallback to the
# weaker methods; with use-ipsec=yes, also confirm the server enforces IPsec.
/interface l2tp-client | |
add allow=chap,mschap1,mschap2 connect-to=x.x.x.x disabled=no name=\ | |
vpn_DC use-ipsec=yes user=vpn_office | |
# Static L2TP server bindings: each entry gives the session of the named PPP
# user a fixed interface name. Both users also appear in /ppp secret.
/interface l2tp-server | |
add name=remote_sa user=remote_sa | |
add name=remote_srv_branch43 user=remote_srv_branch43 | |
# Settings of the two built-in radios (wlan1 = 2.4 GHz, wlan2 = 5 GHz).
# The export's own comments mark both as managed by CAPsMAN, so the SSID,
# channel and security in effect presumably come from the /caps-man sections
# rather than from the values set here.
/interface wireless | |
# managed by CAPsMAN | |
# channel: 2462/20-eC/gn(15dBm), SSID: Acme, local forwarding | |
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \ | |
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=Acme \ | |
wireless-protocol=802.11 | |
# managed by CAPsMAN | |
# channel: 5805/20-eC/ac(20dBm), SSID: Acme, local forwarding | |
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\ | |
20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto mode=\ | |
ap-bridge ssid=Acme wireless-protocol=802.11 | |
# Datapath shared by both CAPsMAN configurations. local-forwarding=yes leaves
# client traffic on each access point's own bridge instead of sending it to
# the manager.
# NOTE(review): client-to-client-forwarding=yes lets wireless clients reach
# each other directly; switch it off if client isolation is wanted here.
/caps-man datapath | |
add arp=proxy-arp bridge=bridge client-to-client-forwarding=yes \ | |
local-forwarding=yes name=datapath1 | |
# WPA2-PSK profile with AES-CCM and a 10-minute group key rotation. No
# passphrase appears in this listing.
# NOTE(review): one pre-shared key is used for the whole SSID; anyone who
# knows it can join, so it needs rotating when staff or devices leave.
/caps-man security | |
add authentication-types=wpa2-psk encryption=aes-ccm group-key-update=10m \ | |
name=security_Acme_wpa2_psk | |
# Two master configurations for SSID "Acme", both using datapath1 and the
# WPA2-PSK security profile: cfg_2.4_1 on channel_2.4_11 at tx-power 15 and
# cfg_5_1 on channel_5_161 at tx-power 20. cfg_5_1 sets channel.band=5ghz-n/ac
# inline, which differs from the 5ghz-a/n/ac band on the channel entry.
/caps-man configuration | |
add channel=channel_2.4_11 channel.band=2ghz-b/g/n channel.tx-power=15 \ | |
country=russia3 datapath=datapath1 mode=ap multicast-helper=full name=\ | |
cfg_2.4_1 rx-chains=0,1,2,3 security=security_Acme_wpa2_psk ssid=Acme \ | |
tx-chains=0,1,2,3 | |
add channel=channel_5_161 channel.band=5ghz-n/ac channel.tx-power=20 country=\ | |
russia3 datapath=datapath1 mode=ap multicast-helper=full name=cfg_5_1 \ | |
rx-chains=0,1,2,3 security=security_Acme_wpa2_psk ssid=Acme tx-chains=\ | |
0,1,2,3 | |
# Static CAP interfaces, each tied to one radio by radio-mac: three use
# cfg_5_1 (cap5-*) and three use cfg_2.4_1 (cap24-*). The names follow the
# prefix-identity format set in /caps-man provisioning.
/caps-man interface | |
add configuration=cfg_5_1 disabled=no l2mtu=1600 mac-address=\ | |
74:4D:28:7E:90:D6 master-interface=none name=cap5-13-AP-1 radio-mac=\ | |
74:4D:28:7E:90:D6 radio-name=744D287E90D6 | |
add configuration=cfg_5_1 disabled=no l2mtu=1600 mac-address=\ | |
74:4D:28:7E:90:61 master-interface=none name=cap5-2-GW-1 radio-mac=\ | |
74:4D:28:7E:90:61 radio-name=744D287E9061 | |
add configuration=cfg_5_1 disabled=no l2mtu=1600 mac-address=\ | |
74:4D:28:7E:8E:E0 master-interface=none name=cap5-6-AP-1 radio-mac=\ | |
74:4D:28:7E:8E:E0 radio-name=744D287E8EE0 | |
add configuration=cfg_2.4_1 disabled=no l2mtu=1600 mac-address=\ | |
74:4D:28:7E:90:D5 master-interface=none name=cap24-13-AP-1 \ | |
radio-mac=74:4D:28:7E:90:D5 radio-name=744D287E90D5 | |
add configuration=cfg_2.4_1 disabled=no l2mtu=1600 mac-address=\ | |
74:4D:28:7E:90:60 master-interface=none name=cap24-2-GW-1 radio-mac=\ | |
74:4D:28:7E:90:60 radio-name=744D287E9060 | |
add configuration=cfg_2.4_1 disabled=no l2mtu=1600 mac-address=\ | |
74:4D:28:7E:8E:DF master-interface=none name=cap24-6-AP-1 radio-mac=\ | |
74:4D:28:7E:8E:DF radio-name=744D287E8EDF | |
# Interface lists used by the firewall, NAT, discovery and MAC-server settings
# below; membership is assigned in /interface list member.
/interface list | |
add comment=defconf name=WAN | |
add comment=defconf name=LAN | |
# Default local wireless security profile (WPA2-PSK, dynamic keys); no
# passphrase appears in this listing. Presumably unused while the radios are
# managed by CAPsMAN -- confirm.
/interface wireless security-profiles | |
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \ | |
supplicant-identity=MikroTik | |
# Default hotspot profile: only the HTML directory is changed.
/ip hotspot profile | |
set [ find default=yes ] html-directory=flash/hotspot | |
# Address pools, all inside 192.168.88.0/24: "dhcp" for LAN clients, "vpn" for
# L2TP clients (used by l2tp_profile) and "servers" (the fixed remote-address
# values in /ppp secret fall in this range).
/ip pool | |
add name=dhcp ranges=192.168.88.10-192.168.88.150 | |
add name=vpn ranges=192.168.88.160-192.168.88.180 | |
add name=servers ranges=192.168.88.200-192.168.88.220 | |
# DHCP server on the bridge, handing out the "dhcp" pool with 1-hour leases.
/ip dhcp-server | |
add address-pool=dhcp disabled=no interface=bridge lease-time=1h name=default | |
# PPP profile for the L2TP server: the router end is 192.168.88.1 and clients
# take an address from the "vpn" pool, i.e. inside the LAN subnet.
# NOTE(review): VPN clients therefore sit in the same address range as LAN
# hosts; a separate subnet would make it possible to filter VPN-to-LAN traffic
# by address -- confirm whether that separation is wanted.
/ppp profile | |
add local-address=192.168.88.1 name=l2tp_profile remote-address=vpn \ | |
use-encryption=yes | |
# CAPsMAN access list, matched in order: two MAC addresses are accepted with
# no signal-range condition, any other client is accepted at -79 dBm or
# stronger and rejected at -80 dBm or weaker.
# NOTE(review): this steers weak clients away from an access point; it is not
# an authentication control, and the MAC-based entries trust a value the
# client supplies.
/caps-man access-list | |
add action=accept allow-signal-out-of-range=10s disabled=no interface=all \ | |
mac-address=E4:18:6B:55:BF:E0 ssid-regexp="" | |
add action=accept allow-signal-out-of-range=10s disabled=no interface=all \ | |
mac-address=E6:18:6B:54:BF:E2 ssid-regexp="" | |
add action=accept disabled=no interface=all signal-range=-79..120 \ | |
ssid-regexp="" | |
add action=reject allow-signal-out-of-range=10s disabled=no interface=all \ | |
signal-range=-120..-80 ssid-regexp="" | |
# This router runs the CAPsMAN manager.
/caps-man manager | |
set enabled=yes | |
# The manager is reachable on the bridge and explicitly forbidden on ether1
# (the WAN port), so access points cannot register from the WAN side.
/caps-man manager interface | |
add disabled=no interface=bridge | |
add disabled=no forbid=yes interface=ether1 | |
# Provisioning rules: a radio that supports b/gn gets cfg_2.4_1 and the name
# prefix cap24, one that supports an/ac gets cfg_5_1 and the prefix cap5.
# NOTE(review): there is no radio-mac condition here, so any radio that can
# reach the manager is provisioned and enabled automatically (create-enabled);
# confirm that only trusted access points can reach the manager's interfaces,
# since no certificate requirement is visible in this listing.
/caps-man provisioning | |
add action=create-enabled hw-supported-modes=b,gn master-configuration=\ | |
cfg_2.4_1 name-format=prefix-identity name-prefix=cap24 | |
add action=create-enabled hw-supported-modes=an,ac master-configuration=\ | |
cfg_5_1 name-format=prefix-identity name-prefix=cap5 | |
# Bridge membership: ether2-ether5 and both radios are ports of "bridge";
# ether1 (WAN) is not.
/interface bridge port | |
add bridge=bridge comment=defconf interface=ether3 | |
add bridge=bridge comment=defconf interface=ether4 | |
add bridge=bridge comment=defconf interface=ether5 | |
add bridge=bridge comment=defconf interface=wlan1 | |
add bridge=bridge comment=defconf interface=wlan2 | |
add bridge=bridge interface=ether2 | |
# Neighbor discovery is limited to the LAN list, so the router does not
# announce itself on the WAN port.
/ip neighbor discovery-settings | |
set discover-interface-list=LAN | |
# NOTE(review): Detect Internet is left running on every interface
# (detect-interface-list=all), WAN included; if the feature is not used,
# setting the list to none reduces what the router does on untrusted links --
# confirm.
/interface detect-internet | |
set detect-interface-list=all | |
# L2TP server: MS-CHAPv2 only, sessions use l2tp_profile. No IPsec secret
# appears in this listing.
# NOTE(review): use-ipsec=yes also accepts L2TP sessions that are not wrapped
# in IPsec, leaving them protected by MS-CHAPv2 alone; use-ipsec=required
# refuses them. Confirm whether any client still needs the plain mode.
/interface l2tp-server server | |
set authentication=mschap2 default-profile=l2tp_profile enabled=yes \ | |
use-ipsec=yes | |
# List membership: bridge and ether2 are LAN, ether1 is WAN. The L2TP
# interfaces are in neither list, so rules written as "not LAN" also apply to
# traffic arriving over the VPN.
/interface list member | |
add comment=defconf interface=bridge list=LAN | |
add comment=defconf interface=ether1 list=WAN | |
add interface=ether2 list=LAN | |
# The router's own radios join CAPsMAN as a CAP; the manager address is
# 127.0.0.1, i.e. the manager running on this same device.
/interface wireless cap | |
# | |
set bridge=bridge caps-man-addresses=127.0.0.1 enabled=yes interfaces=\ | |
wlan1,wlan2 | |
# Router addresses: the LAN address and a redacted (yy.yy.yy.x) /30 on ether1.
# NOTE(review): the LAN address is written as 192.168.88.1/8 with
# network=192.0.0.0, while /ip dhcp-server network uses 192.168.88.0/24. A /8
# makes all of 192.0.0.0/8 -- public address space included -- directly
# connected on the LAN side; this looks like a typo for /24 -- confirm.
# NOTE(review): the address is bound to ether2, which is a bridge port (see
# /interface bridge port); addresses are normally placed on the bridge itself.
/ip address | |
add address=192.168.88.1/8 comment=defconf interface=ether2 network=192.0.0.0 | |
add address=yy.yy.yy.94/30 interface=ether1 network=yy.yy.yy.92 | |
# NOTE(review): a DHCP client is still enabled on ether1 although ether1 also
# has a static address and a static default route; if the uplink is static,
# disabling the client avoids accepting addresses, routes and DNS servers from
# whatever answers DHCP on the WAN segment -- confirm.
/ip dhcp-client | |
add comment=defconf dhcp-options=hostname,clientid interface=ether1 | |
# Static DHCP leases: each entry pins one client MAC / client-id to a fixed
# address inside the "dhcp" pool range.
# NOTE(review): the entries expose real device MAC addresses; treat them as
# inventory data when sharing this export.
/ip dhcp-server lease | |
add address=192.168.88.113 client-id=1:f0:23:b9:47:4e:67 mac-address=\ | |
F0:23:B9:47:4E:67 | |
add address=192.168.88.112 client-id=1:f0:23:b9:47:4d:e1 mac-address=\ | |
F0:23:B9:47:4D:E1 | |
add address=192.168.88.111 client-id=1:f0:23:b9:46:1e:13 mac-address=\ | |
F0:23:B9:46:1E:13 | |
add address=192.168.88.110 client-id=1:f0:23:b9:46:1e:10 mac-address=\ | |
F0:23:B9:46:1E:10 | |
add address=192.168.88.108 client-id=1:f0:23:b9:46:1e:11 mac-address=\ | |
F0:23:B9:46:1E:11 | |
add address=192.168.88.107 client-id=1:f0:23:b9:46:1e:17 mac-address=\ | |
F0:23:B9:46:1E:17 | |
add address=192.168.88.106 client-id=1:f0:23:b9:47:4d:c8 mac-address=\ | |
F0:23:B9:47:4D:C8 | |
add address=192.168.88.105 client-id=1:f0:23:b9:47:4d:cb mac-address=\ | |
F0:23:B9:47:4D:CB | |
add address=192.168.88.104 client-id=1:f0:23:b9:47:4d:bc mac-address=\ | |
F0:23:B9:47:4D:BC | |
add address=192.168.88.103 client-id=1:f0:23:b9:46:1e:e mac-address=\ | |
F0:23:B9:46:1E:0E | |
add address=192.168.88.102 client-id=1:f0:23:b9:47:4d:b9 mac-address=\ | |
F0:23:B9:47:4D:B9 | |
add address=192.168.88.101 client-id=1:f0:23:b9:46:1e:12 mac-address=\ | |
F0:23:B9:46:1E:12 | |
add address=192.168.88.133 client-id=1:50:3e:aa:22:a9:fe mac-address=\ | |
50:3E:AA:22:A9:FE | |
add address=192.168.88.141 client-id=1:50:3e:aa:e8:da:4b mac-address=\ | |
50:3E:AA:E8:DA:4B | |
add address=192.168.88.100 client-id=\ | |
ff:82:e8:95:8d:0:1:0:1:24:f2:b6:8e:b4:a3:82:e8:95:8d mac-address=\ | |
B4:A3:82:E8:95:8D | |
# Options handed to DHCP clients: gateway 192.168.88.1, a /24 netmask, and the
# router plus 8.8.4.4 as DNS servers.
/ip dhcp-server network | |
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1,8.8.4.4 \ | |
gateway=192.168.88.1 netmask=24 | |
# Upstream resolvers for the router itself.
# NOTE(review): the list starts with the router's own address 192.168.88.1,
# which points the resolver back at itself -- presumably unintended. Also,
# allow-remote-requests is not set in this listing although DHCP hands out
# 192.168.88.1 as a DNS server; confirm which of the two is intended.
/ip dns | |
set servers=192.168.88.1,8.8.8.8,62.112.106.130 | |
# Local name for the router.
/ip dns static | |
add address=192.168.88.1 name=router.lan | |
# Firewall filter rules, evaluated top to bottom within each chain. Traffic
# that no enabled rule matches is accepted, so the drop rules at the end of a
# chain are what close it.
/ip firewall filter | |
add action=accept chain=input comment=\ | |
"defconf: accept established,related,untracked" connection-state=\ | |
established,related,untracked | |
add action=drop chain=input comment="defconf: drop invalid" connection-state=\ | |
invalid | |
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp | |
# Router-to-itself traffic (source and destination are both local addresses).
add action=accept chain=input dst-address-type=local src-address-type=local | |
# NOTE(review): this rule has no in-interface or src-address condition, so the
# WinBox management port 8291 is open to any source, the internet included
# (the rule's own comment says so). Management exposed like this depends
# entirely on credential strength and on the WinBox service being patched.
# Prefer reaching WinBox over the VPN, or limit the rule with a
# src-address-list of known administrator addresses.
add action=accept chain=input comment=\ | |
"allow winbox access from WAN interface" dst-port=8291 protocol=tcp | |
add action=accept chain=input comment="allow incoming L2TP connections" \ | |
disabled=yes port=1701,500,4500 protocol=tcp | |
# NOTE(review): port= matches when either the source or the destination port
# is in the list, so a UDP packet sent from source port 500 to any UDP service
# on the router also passes here; dst-port= is the tighter match. UDP 1701 is
# also reachable without IPsec, which matters because the L2TP server runs
# with use-ipsec=yes rather than required; adding ipsec-policy=in,ipsec to a
# separate 1701 rule would limit L2TP to IPsec-protected packets.
add action=accept chain=input comment="Allow L2TP IPSEC ports" port=\ | |
1701,500,4500 protocol=udp | |
# Disabled: with no ESP accept, IPsec from the WAN presumably only works when
# encapsulated in UDP 4500 (NAT-T) -- confirm.
add action=accept chain=input comment="Allow IPSEC-esp ports" disabled=yes \ | |
protocol=ipsec-esp | |
# Closes the input chain for everything not arriving on a LAN-list interface.
# L2TP interfaces are not in LAN, so VPN clients are also stopped here unless
# an earlier rule accepted them.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \ | |
in-interface-list=!LAN | |
# NOTE(review): both IPsec-policy accepts are disabled while fasttrack below
# is enabled. In the default configuration they sit ahead of fasttrack,
# presumably to keep IPsec-protected traffic out of the fast path -- confirm
# that tunnelled traffic still behaves as intended.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \ | |
disabled=yes ipsec-policy=in,ipsec | |
add action=accept chain=forward comment="defconf: accept out ipsec policy" \ | |
disabled=yes ipsec-policy=out,ipsec | |
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ | |
connection-state=established,related | |
add action=accept chain=forward comment=\ | |
"defconf: accept established,related, untracked" connection-state=\ | |
established,related,untracked | |
add action=accept chain=forward comment="allow vpn to lan" disabled=yes \ | |
in-interface=!ether1 out-interface=bridge src-address=192.168.88.0/24 | |
add action=drop chain=forward comment="defconf: drop invalid" \ | |
connection-state=invalid | |
# NOTE(review): this is the only rule that would drop new connections
# forwarded in from the WAN, and it is disabled. With it off, the forward
# chain drops nothing except invalid packets, so any new connection the
# router can route from WAN to LAN is accepted. Re-enable it unless there is a
# documented reason for leaving it off.
add action=drop chain=forward comment=\ | |
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ | |
connection-state=new disabled=yes in-interface-list=WAN | |
# Source NAT for traffic leaving through WAN-list interfaces, skipping packets
# that match an IPsec policy (ipsec-policy=out,none). No dstnat (port-forward)
# rules appear in this listing.
/ip firewall nat | |
add action=masquerade chain=srcnat comment="defconf: masquerade" \ | |
ipsec-policy=out,none out-interface-list=WAN | |
# The SIP connection-tracking helper is turned off.
/ip firewall service-port | |
set sip disabled=yes | |
# Static routes: the default route via the redacted WAN gateway,
# 192.168.77.0/24 through the vpn_DC tunnel, and 192.168.112.0/24 via
# 192.168.88.201, the fixed remote-address of PPP user remote_srv_branch43.
/ip route | |
add distance=1 gateway=yy.yy.yy.93 | |
add distance=1 dst-address=192.168.77.0/24 gateway=vpn_DC | |
add distance=1 dst-address=192.168.112.0/24 gateway=192.168.88.201 | |
# NOTE(review): forwarding-enabled=remote lets an authenticated SSH user set
# up remote port forwarding through the router. If nobody relies on it,
# forwarding-enabled=no removes that path -- confirm.
/ip ssh | |
set forwarding-enabled=remote | |
# UPnP interface roles: ether1 external, bridge internal.
# NOTE(review): no "/ip upnp set enabled=yes" appears in this listing, so the
# service itself may be off. If it is on, any LAN host can ask the router to
# open inbound ports on the WAN side; remove these entries if UPnP is not
# needed -- confirm.
/ip upnp interfaces | |
add interface=ether1 type=external | |
add interface=bridge type=internal | |
# L2TP accounts, all on l2tp_profile. No passwords appear in this listing.
# Two accounts have a fixed remote-address (192.168.88.200 and .201); the
# others take an address from the profile's "vpn" pool.
# NOTE(review): the account names are visible in this export; with the L2TP
# ports open to the internet, each account needs a strong, unique password.
/ppp secret | |
add name=remote_sa profile=l2tp_profile service=l2tp | |
add name=remote_srv_1c profile=l2tp_profile remote-address=192.168.88.200 \ | |
service=l2tp | |
add name=remote_srv_branch43 profile=l2tp_profile remote-address=\ | |
192.168.88.201 service=l2tp | |
add name=remote_arilan profile=l2tp_profile service=l2tp | |
add name=remote_korolkov profile=l2tp_profile service=l2tp | |
# Fixed time zone (autodetect off). No NTP client settings appear in this
# listing; accurate time matters for log correlation.
/system clock | |
set time-zone-autodetect=no time-zone-name=Europe/Moscow | |
# Device name.
/system identity | |
set name=KM-2-GW | |
# MAC-Telnet and MAC-WinBox are limited to interfaces in the LAN list.
/tool mac-server | |
set allowed-interface-list=LAN | |
/tool mac-server mac-winbox | |
set allowed-interface-list=LAN | |
# NOTE(review): RoMON is enabled and neither a secrets value nor any
# /tool romon port restriction appears in this listing. RoMON gives layer-2
# management reach between RoMON-enabled devices, so confirm it is limited to
# trusted ports and protected with a secret, or disable it if unused.
/tool romon | |
set enabled=yes |