HEX1.KUI: Difference between revisions

From OCARC
Jump to navigation Jump to search
No edit summary
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Template:HamWAN Site Bar| backlink=[[Installation/KUI HamWAN Sector|KUI HamWAN Sector]]}}
== Ports ==
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Ports
!  
! SFP
! style="background: rgb(62,74,60); color: white"|DC IN
! 1 <br> POE IN
! style="background: rgb(101,192,195)"|SFP<br>
! 2 <br> POE OUT
! style="background: rgb(101,192,195)"|eth1 <br> PoE IN
! 3 <br> POE OUT
! style="background: rgb(250,208,12)"|eth2 <br> PoE OUT
! 4 <br> POE OUT
! style="background: rgb(250,208,12)"|eth3 <br> PoE OUT
! 5 <br> POE OUT
! style="background: rgb(250,208,12)"|eth4 <br> PoE OUT
! style="background: rgb(250,208,12)"|eth5 <br> PoE OUT
|-
|-
!
! colspan="2" |
| not used
| not used
| not used
| not used
| not used
Line 17: Line 22:
|-
|-
! Power
! Power
| 12v <br> battery
| no
| no
!
!
!
| 12v <br> battery
!
! colspan="4" |
!
|}
|}
== Configuration ==
{{Alert | type=warning | message = This configuration has not been tested on a physical device}}
{{Alert | type=warning | message = This configuration is a work in progress}}
<pre>
/interface bridge
add name=BRIDGE-HAMWAN-PRIVATE
add name=BRIDGE-HAMWAN-PUBLIC
/ip neighbor discovery
set ether1 discover=no
/interface vlan
add interface=ether1 name=ETH1-HAMWAN-PRIVATE vlan-id=601
add interface=ether1 name=ETH1-HAMWAN-PUBLIC vlan-id=600
add interface=ether2 name=ETH2-HAMWAN-PRIVATE vlan-id=601
add interface=ether2 name=ETH2-HAMWAN-PUBLIC vlan-id=600
add interface=ether3 name=ETH3-HAMWAN-PRIVATE vlan-id=601
add interface=ether3 name=ETH3-HAMWAN-PUBLIC vlan-id=600
add interface=ether4 name=ETH4-HAMWAN-PRIVATE vlan-id=601
add interface=ether4 name=ETH4-HAMWAN-PUBLIC vlan-id=600
add interface=ether5 name=ETH5-HAMWAN-PRIVATE vlan-id=601
add interface=ether5 name=ETH5-HAMWAN-PUBLIC vlan-id=600
add interface=sfp1 name=SFP1-HAMWAN-PRIVATE vlan-id=601
add interface=sfp1 name=SFP1-HAMWAN-PUBLIC vlan-id=600
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add comment=defconf interface=ether2
add comment=defconf interface=sfp1
add bridge=BRIDGE-HAMWAN-PUBLIC interface=SFP1-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH1-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH2-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH3-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH4-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH5-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PRIVATE interface=SFP1-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH1-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH2-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH3-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH4-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH5-HAMWAN-PRIVATE
/ip address
add address=10.246.3.1/16 comment=defconf interface=BRIDGE-HAMWAN-PRIVATE \
    network=10.246.0.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    ether1
/ip dns
set allow-remote-requests=no
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=ether1
/system routerboard settings
set cpu-frequency=800MHz protected-routerboot=disabled
/tool mac-server
set [ find default=yes ] disabled=yes
add
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add
/system identity
set name=HEX1.KUI
</pre>

Latest revision as of 06:04, 4 July 2017

Sites

Edit This

<img src="http://portal.hamwan.ca/status/icon/site.svg?siteID=1" style="width: 48px">
LMK
<img src="http://portal.hamwan.ca/status/icon/site.svg?siteID=2" style="width: 48px">
BKM
<img src="http://portal.hamwan.ca/status/icon/site.svg?siteID=3" style="width: 48px">
KUI
<img src="http://portal.hamwan.ca/status/icon/site.svg?siteID=4" style="width: 48px">
BGM
<img src="http://portal.hamwan.ca/status/icon/site.svg?siteID=5" style="width: 48px">
TUR
<img src="http://portal.hamwan.ca/status/icon/site.svg?siteID=12" style="width: 48px">
OKM
<img src="http://portal.hamwan.ca/status/icon/site.svg?siteID=6" style="width: 48px">
ROK
<img src="http://portal.hamwan.ca/status/icon/site.svg?siteID=0" style="width: 48px">
CED
<img src="http://portal.hamwan.ca/status/icon/site.svg?siteID=0" style="width: 48px">
ELI

Ports

DC IN SFP
eth1
PoE IN
eth2
PoE OUT
eth3
PoE OUT
eth4
PoE OUT
eth5
PoE OUT
not used not used not used not used not used not used
Power no 12v
battery

Configuration

This configuration has not been tested on a physical device
This configuration is a work in progress

/interface bridge
add name=BRIDGE-HAMWAN-PRIVATE
add name=BRIDGE-HAMWAN-PUBLIC
/ip neighbor discovery
set ether1 discover=no
/interface vlan
add interface=ether1 name=ETH1-HAMWAN-PRIVATE vlan-id=601
add interface=ether1 name=ETH1-HAMWAN-PUBLIC vlan-id=600
add interface=ether2 name=ETH2-HAMWAN-PRIVATE vlan-id=601
add interface=ether2 name=ETH2-HAMWAN-PUBLIC vlan-id=600
add interface=ether3 name=ETH3-HAMWAN-PRIVATE vlan-id=601
add interface=ether3 name=ETH3-HAMWAN-PUBLIC vlan-id=600
add interface=ether4 name=ETH4-HAMWAN-PRIVATE vlan-id=601
add interface=ether4 name=ETH4-HAMWAN-PUBLIC vlan-id=600
add interface=ether5 name=ETH5-HAMWAN-PRIVATE vlan-id=601
add interface=ether5 name=ETH5-HAMWAN-PUBLIC vlan-id=600
add interface=sfp1 name=SFP1-HAMWAN-PRIVATE vlan-id=601
add interface=sfp1 name=SFP1-HAMWAN-PUBLIC vlan-id=600
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add comment=defconf interface=ether2
add comment=defconf interface=sfp1
add bridge=BRIDGE-HAMWAN-PUBLIC interface=SFP1-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH1-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH2-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH3-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH4-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH5-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PRIVATE interface=SFP1-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH1-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH2-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH3-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH4-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH5-HAMWAN-PRIVATE
/ip address
add address=10.246.3.1/16 comment=defconf interface=BRIDGE-HAMWAN-PRIVATE \
    network=10.246.0.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    ether1
/ip dns
set allow-remote-requests=no
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=ether1
/system routerboard settings
set cpu-frequency=800MHz protected-routerboot=disabled
/tool mac-server
set [ find default=yes ] disabled=yes
add
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add
/system identity
set name=HEX1.KUI