Difference between revisions of "HEX1.KUI"
(→Configuration) |
|||
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | {{Template:HamWAN Site Bar| backlink=[[Installation/KUI HamWAN Sector|KUI HamWAN Sector]]}} | ||
+ | |||
== Ports == | == Ports == | ||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
− | ! | + | ! |
− | ! DC IN | + | ! style="background: rgb(62,74,60); color: white"|DC IN |
− | ! SFP | + | ! style="background: rgb(101,192,195)"|SFP<br> |
− | ! | + | ! style="background: rgb(101,192,195)"|eth1 <br> PoE IN |
− | ! | + | ! style="background: rgb(250,208,12)"|eth2 <br> PoE OUT |
− | ! | + | ! style="background: rgb(250,208,12)"|eth3 <br> PoE OUT |
− | ! | + | ! style="background: rgb(250,208,12)"|eth4 <br> PoE OUT |
− | ! | + | ! style="background: rgb(250,208,12)"|eth5 <br> PoE OUT |
|- | |- | ||
! colspan="2" | | ! colspan="2" | | ||
Line 25: | Line 27: | ||
! colspan="4" | | ! colspan="4" | | ||
|} | |} | ||
+ | |||
+ | == Configuration == | ||
+ | {{Alert | type=warning | message = This configuration has not been tested on a physical device}} | ||
+ | {{Alert | type=warning | message = This configuration is a work in progress}} | ||
+ | <pre> | ||
+ | |||
+ | /interface bridge | ||
+ | add name=BRIDGE-HAMWAN-PRIVATE | ||
+ | add name=BRIDGE-HAMWAN-PUBLIC | ||
+ | /ip neighbor discovery | ||
+ | set ether1 discover=no | ||
+ | /interface vlan | ||
+ | add interface=ether1 name=ETH1-HAMWAN-PRIVATE vlan-id=601 | ||
+ | add interface=ether1 name=ETH1-HAMWAN-PUBLIC vlan-id=600 | ||
+ | add interface=ether2 name=ETH2-HAMWAN-PRIVATE vlan-id=601 | ||
+ | add interface=ether2 name=ETH2-HAMWAN-PUBLIC vlan-id=600 | ||
+ | add interface=ether3 name=ETH3-HAMWAN-PRIVATE vlan-id=601 | ||
+ | add interface=ether3 name=ETH3-HAMWAN-PUBLIC vlan-id=600 | ||
+ | add interface=ether4 name=ETH4-HAMWAN-PRIVATE vlan-id=601 | ||
+ | add interface=ether4 name=ETH4-HAMWAN-PUBLIC vlan-id=600 | ||
+ | add interface=ether5 name=ETH5-HAMWAN-PRIVATE vlan-id=601 | ||
+ | add interface=ether5 name=ETH5-HAMWAN-PUBLIC vlan-id=600 | ||
+ | add interface=sfp1 name=SFP1-HAMWAN-PRIVATE vlan-id=601 | ||
+ | add interface=sfp1 name=SFP1-HAMWAN-PUBLIC vlan-id=600 | ||
+ | /ip hotspot profile | ||
+ | set [ find default=yes ] html-directory=flash/hotspot | ||
+ | /interface bridge port | ||
+ | add comment=defconf interface=ether2 | ||
+ | add comment=defconf interface=sfp1 | ||
+ | add bridge=BRIDGE-HAMWAN-PUBLIC interface=SFP1-HAMWAN-PUBLIC | ||
+ | add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH1-HAMWAN-PUBLIC | ||
+ | add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH2-HAMWAN-PUBLIC | ||
+ | add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH3-HAMWAN-PUBLIC | ||
+ | add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH4-HAMWAN-PUBLIC | ||
+ | add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH5-HAMWAN-PUBLIC | ||
+ | add bridge=BRIDGE-HAMWAN-PRIVATE interface=SFP1-HAMWAN-PRIVATE | ||
+ | add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH1-HAMWAN-PRIVATE | ||
+ | add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH2-HAMWAN-PRIVATE | ||
+ | add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH3-HAMWAN-PRIVATE | ||
+ | add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH4-HAMWAN-PRIVATE | ||
+ | add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH5-HAMWAN-PRIVATE | ||
+ | /ip address | ||
+ | add address=10.246.3.1/16 comment=defconf interface=BRIDGE-HAMWAN-PRIVATE \ | ||
+ | network=10.246.0.0 | ||
+ | /ip dhcp-client | ||
+ | add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\ | ||
+ | ether1 | ||
+ | /ip dns | ||
+ | set allow-remote-requests=no | ||
+ | /ip dns static | ||
+ | add address=192.168.88.1 name=router | ||
+ | /ip firewall filter | ||
+ | add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp | ||
+ | add action=accept chain=input comment="defconf: accept established,related" \ | ||
+ | connection-state=established,related | ||
+ | add action=drop chain=input comment="defconf: drop all from WAN" \ | ||
+ | in-interface=ether1 | ||
+ | add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ | ||
+ | connection-state=established,related | ||
+ | add action=accept chain=forward comment="defconf: accept established,related" \ | ||
+ | connection-state=established,related | ||
+ | add action=drop chain=forward comment="defconf: drop invalid" \ | ||
+ | connection-state=invalid | ||
+ | add action=drop chain=forward comment=\ | ||
+ | "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ | ||
+ | connection-state=new in-interface=ether1 | ||
+ | /ip firewall nat | ||
+ | add action=masquerade chain=srcnat comment="defconf: masquerade" \ | ||
+ | out-interface=ether1 | ||
+ | /system routerboard settings | ||
+ | set cpu-frequency=800MHz protected-routerboot=disabled | ||
+ | /tool mac-server | ||
+ | set [ find default=yes ] disabled=yes | ||
+ | add | ||
+ | /tool mac-server mac-winbox | ||
+ | set [ find default=yes ] disabled=yes | ||
+ | add | ||
+ | /system identity | ||
+ | set name=HEX1.KUI | ||
+ | </pre> |
Latest revision as of 06:04, 4 July 2017
Sites |
LMK |
BKM |
KUI |
BGM |
TUR |
OKM |
ROK |
• | CED |
ELI |
---|
Ports
DC IN | SFP |
eth1 PoE IN |
eth2 PoE OUT |
eth3 PoE OUT |
eth4 PoE OUT |
eth5 PoE OUT | |
---|---|---|---|---|---|---|---|
not used | not used | not used | not used | not used | not used | ||
Power | no | 12v battery |
Configuration
This configuration has not been tested on a physical device
This configuration is a work in progress
/interface bridge add name=BRIDGE-HAMWAN-PRIVATE add name=BRIDGE-HAMWAN-PUBLIC /ip neighbor discovery set ether1 discover=no /interface vlan add interface=ether1 name=ETH1-HAMWAN-PRIVATE vlan-id=601 add interface=ether1 name=ETH1-HAMWAN-PUBLIC vlan-id=600 add interface=ether2 name=ETH2-HAMWAN-PRIVATE vlan-id=601 add interface=ether2 name=ETH2-HAMWAN-PUBLIC vlan-id=600 add interface=ether3 name=ETH3-HAMWAN-PRIVATE vlan-id=601 add interface=ether3 name=ETH3-HAMWAN-PUBLIC vlan-id=600 add interface=ether4 name=ETH4-HAMWAN-PRIVATE vlan-id=601 add interface=ether4 name=ETH4-HAMWAN-PUBLIC vlan-id=600 add interface=ether5 name=ETH5-HAMWAN-PRIVATE vlan-id=601 add interface=ether5 name=ETH5-HAMWAN-PUBLIC vlan-id=600 add interface=sfp1 name=SFP1-HAMWAN-PRIVATE vlan-id=601 add interface=sfp1 name=SFP1-HAMWAN-PUBLIC vlan-id=600 /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot /interface bridge port add comment=defconf interface=ether2 add comment=defconf interface=sfp1 add bridge=BRIDGE-HAMWAN-PUBLIC interface=SFP1-HAMWAN-PUBLIC add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH1-HAMWAN-PUBLIC add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH2-HAMWAN-PUBLIC add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH3-HAMWAN-PUBLIC add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH4-HAMWAN-PUBLIC add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH5-HAMWAN-PUBLIC add bridge=BRIDGE-HAMWAN-PRIVATE interface=SFP1-HAMWAN-PRIVATE add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH1-HAMWAN-PRIVATE add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH2-HAMWAN-PRIVATE add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH3-HAMWAN-PRIVATE add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH4-HAMWAN-PRIVATE add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH5-HAMWAN-PRIVATE /ip address add address=10.246.3.1/16 comment=defconf interface=BRIDGE-HAMWAN-PRIVATE \ network=10.246.0.0 /ip dhcp-client add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\ ether1 /ip dns set allow-remote-requests=no /ip dns static add address=192.168.88.1 name=router /ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=accept chain=input comment="defconf: accept established,related" \ connection-state=established,related add action=drop chain=input comment="defconf: drop all from WAN" \ in-interface=ether1 add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related add action=accept chain=forward comment="defconf: accept established,related" \ connection-state=established,related add action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalid add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface=ether1 /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" \ out-interface=ether1 /system routerboard settings set cpu-frequency=800MHz protected-routerboot=disabled /tool mac-server set [ find default=yes ] disabled=yes add /tool mac-server mac-winbox set [ find default=yes ] disabled=yes add /system identity set name=HEX1.KUI