Difference between revisions of "HEX1.KUI"

From OCARC
Jump to: navigation, search
(Ports)
(Configuration)
 
(3 intermediate revisions by the same user not shown)
Line 27: Line 27:
 
! colspan="4" |
 
! colspan="4" |
 
|}
 
|}
 +
 +
== Configuration ==
 +
{{Alert | type=warning | message = This configuration has not been tested on a physical device}}
 +
{{Alert | type=warning | message = This configuration is a work in progress}}
 +
<pre>
 +
 +
/interface bridge
 +
add name=BRIDGE-HAMWAN-PRIVATE
 +
add name=BRIDGE-HAMWAN-PUBLIC
 +
/ip neighbor discovery
 +
set ether1 discover=no
 +
/interface vlan
 +
add interface=ether1 name=ETH1-HAMWAN-PRIVATE vlan-id=601
 +
add interface=ether1 name=ETH1-HAMWAN-PUBLIC vlan-id=600
 +
add interface=ether2 name=ETH2-HAMWAN-PRIVATE vlan-id=601
 +
add interface=ether2 name=ETH2-HAMWAN-PUBLIC vlan-id=600
 +
add interface=ether3 name=ETH3-HAMWAN-PRIVATE vlan-id=601
 +
add interface=ether3 name=ETH3-HAMWAN-PUBLIC vlan-id=600
 +
add interface=ether4 name=ETH4-HAMWAN-PRIVATE vlan-id=601
 +
add interface=ether4 name=ETH4-HAMWAN-PUBLIC vlan-id=600
 +
add interface=ether5 name=ETH5-HAMWAN-PRIVATE vlan-id=601
 +
add interface=ether5 name=ETH5-HAMWAN-PUBLIC vlan-id=600
 +
add interface=sfp1 name=SFP1-HAMWAN-PRIVATE vlan-id=601
 +
add interface=sfp1 name=SFP1-HAMWAN-PUBLIC vlan-id=600
 +
/ip hotspot profile
 +
set [ find default=yes ] html-directory=flash/hotspot
 +
/interface bridge port
 +
add comment=defconf interface=ether2
 +
add comment=defconf interface=sfp1
 +
add bridge=BRIDGE-HAMWAN-PUBLIC interface=SFP1-HAMWAN-PUBLIC
 +
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH1-HAMWAN-PUBLIC
 +
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH2-HAMWAN-PUBLIC
 +
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH3-HAMWAN-PUBLIC
 +
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH4-HAMWAN-PUBLIC
 +
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH5-HAMWAN-PUBLIC
 +
add bridge=BRIDGE-HAMWAN-PRIVATE interface=SFP1-HAMWAN-PRIVATE
 +
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH1-HAMWAN-PRIVATE
 +
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH2-HAMWAN-PRIVATE
 +
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH3-HAMWAN-PRIVATE
 +
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH4-HAMWAN-PRIVATE
 +
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH5-HAMWAN-PRIVATE
 +
/ip address
 +
add address=10.246.3.1/16 comment=defconf interface=BRIDGE-HAMWAN-PRIVATE \
 +
    network=10.246.0.0
 +
/ip dhcp-client
 +
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
 +
    ether1
 +
/ip dns
 +
set allow-remote-requests=no
 +
/ip dns static
 +
add address=192.168.88.1 name=router
 +
/ip firewall filter
 +
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
 +
add action=accept chain=input comment="defconf: accept established,related" \
 +
    connection-state=established,related
 +
add action=drop chain=input comment="defconf: drop all from WAN" \
 +
    in-interface=ether1
 +
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
 +
    connection-state=established,related
 +
add action=accept chain=forward comment="defconf: accept established,related" \
 +
    connection-state=established,related
 +
add action=drop chain=forward comment="defconf: drop invalid" \
 +
    connection-state=invalid
 +
add action=drop chain=forward comment=\
 +
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
 +
    connection-state=new in-interface=ether1
 +
/ip firewall nat
 +
add action=masquerade chain=srcnat comment="defconf: masquerade" \
 +
    out-interface=ether1
 +
/system routerboard settings
 +
set cpu-frequency=800MHz protected-routerboot=disabled
 +
/tool mac-server
 +
set [ find default=yes ] disabled=yes
 +
add
 +
/tool mac-server mac-winbox
 +
set [ find default=yes ] disabled=yes
 +
add
 +
/system identity
 +
set name=HEX1.KUI
 +
</pre>

Latest revision as of 06:04, 4 July 2017

Sites

Edit This


LMK

BKM

KUI

BGM

TUR

OKM

ROK

CED

ELI

Ports

DC IN SFP
eth1
PoE IN
eth2
PoE OUT
eth3
PoE OUT
eth4
PoE OUT
eth5
PoE OUT
not used not used not used not used not used not used
Power no 12v
battery

Configuration

This configuration has not been tested on a physical device
This configuration is a work in progress

/interface bridge
add name=BRIDGE-HAMWAN-PRIVATE
add name=BRIDGE-HAMWAN-PUBLIC
/ip neighbor discovery
set ether1 discover=no
/interface vlan
add interface=ether1 name=ETH1-HAMWAN-PRIVATE vlan-id=601
add interface=ether1 name=ETH1-HAMWAN-PUBLIC vlan-id=600
add interface=ether2 name=ETH2-HAMWAN-PRIVATE vlan-id=601
add interface=ether2 name=ETH2-HAMWAN-PUBLIC vlan-id=600
add interface=ether3 name=ETH3-HAMWAN-PRIVATE vlan-id=601
add interface=ether3 name=ETH3-HAMWAN-PUBLIC vlan-id=600
add interface=ether4 name=ETH4-HAMWAN-PRIVATE vlan-id=601
add interface=ether4 name=ETH4-HAMWAN-PUBLIC vlan-id=600
add interface=ether5 name=ETH5-HAMWAN-PRIVATE vlan-id=601
add interface=ether5 name=ETH5-HAMWAN-PUBLIC vlan-id=600
add interface=sfp1 name=SFP1-HAMWAN-PRIVATE vlan-id=601
add interface=sfp1 name=SFP1-HAMWAN-PUBLIC vlan-id=600
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add comment=defconf interface=ether2
add comment=defconf interface=sfp1
add bridge=BRIDGE-HAMWAN-PUBLIC interface=SFP1-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH1-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH2-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH3-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH4-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH5-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PRIVATE interface=SFP1-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH1-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH2-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH3-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH4-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH5-HAMWAN-PRIVATE
/ip address
add address=10.246.3.1/16 comment=defconf interface=BRIDGE-HAMWAN-PRIVATE \
    network=10.246.0.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    ether1
/ip dns
set allow-remote-requests=no
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=ether1
/system routerboard settings
set cpu-frequency=800MHz protected-routerboot=disabled
/tool mac-server
set [ find default=yes ] disabled=yes
add
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add
/system identity
set name=HEX1.KUI