Difference between revisions of "HEX1.LMK"

From OCARC
Jump to: navigation, search
(Created page with "<pre> #HEX1.LMK /interface vlan add interface=sfp1 name=SFP1-HAMWAN-PUBLIC vlan-id=600 add interface=sfp1 name=SFP1-HAMWAN-PRIVATE vlan-id=601 add interface=ether1 name=ETH1...")
 
Line 1: Line 1:
 
<pre>
 
<pre>
#HEX1.LMK
+
[admin@MikroTik] > export
 
+
# jan/02/1970 01:12:32 by RouterOS 6.36.1
 +
# software id = 6LF8-82K7
 +
#
 +
/interface bridge
 +
add name=BRIDGE-HAMWAN-PRIVATE
 +
add name=BRIDGE-HAMWAN-PUBLIC
 +
/ip neighbor discovery
 +
set ether1 discover=no
 
/interface vlan
 
/interface vlan
add interface=sfp1 name=SFP1-HAMWAN-PUBLIC vlan-id=600
+
add interface=ether1 name=ETH1-HAMWAN-PRIVATE vlan-id=601
add interface=sfp1 name=SFP1-HAMWAN-PRIVATE vlan-id=601
 
 
 
 
add interface=ether1 name=ETH1-HAMWAN-PUBLIC vlan-id=600
 
add interface=ether1 name=ETH1-HAMWAN-PUBLIC vlan-id=600
add interface=ether1 name=ETH1-HAMWAN-PRIVATE vlan-id=601
+
add interface=ether2 name=ETH2-HAMWAN-PRIVATE vlan-id=601
 
 
 
add interface=ether2 name=ETH2-HAMWAN-PUBLIC vlan-id=600
 
add interface=ether2 name=ETH2-HAMWAN-PUBLIC vlan-id=600
add interface=ether2 name=ETH2-HAMWAN-PRIVATE vlan-id=601
+
add interface=ether3 name=ETH3-HAMWAN-PRIVATE vlan-id=601
 
 
 
add interface=ether3 name=ETH3-HAMWAN-PUBLIC vlan-id=600
 
add interface=ether3 name=ETH3-HAMWAN-PUBLIC vlan-id=600
add interface=ether3 name=ETH3-HAMWAN-PRIVATE vlan-id=601
+
add interface=ether4 name=ETH4-HAMWAN-PRIVATE vlan-id=601
 
 
 
add interface=ether4 name=ETH4-HAMWAN-PUBLIC vlan-id=600
 
add interface=ether4 name=ETH4-HAMWAN-PUBLIC vlan-id=600
add interface=ether4 name=ETH4-HAMWAN-PRIVATE vlan-id=601
+
add interface=ether5 name=ETH5-HAMWAN-PRIVATE vlan-id=601
 
 
 
add interface=ether5 name=ETH5-HAMWAN-PUBLIC vlan-id=600
 
add interface=ether5 name=ETH5-HAMWAN-PUBLIC vlan-id=600
add interface=ether5 name=ETH5-HAMWAN-PRIVATE vlan-id=601
+
add interface=sfp1 name=SFP1-HAMWAN-PRIVATE vlan-id=601
 
+
add interface=sfp1 name=SFP1-HAMWAN-PUBLIC vlan-id=600
Add bridges for each VLAN
+
/ip hotspot profile
/interface bridge
+
set [ find default=yes ] html-directory=flash/hotspot
add name=BRIDGE-HAMWAN-PUBLIC
 
add name=BRIDGE-HAMWAN-PRIVATE
 
 
 
Add VLAN interfaces to their corresponding bridges and ethernet interfaces where untagged traffic is necessary
 
 
/interface bridge port
 
/interface bridge port
 +
add comment=defconf interface=ether2
 +
add comment=defconf interface=sfp1
 
add bridge=BRIDGE-HAMWAN-PUBLIC interface=SFP1-HAMWAN-PUBLIC
 
add bridge=BRIDGE-HAMWAN-PUBLIC interface=SFP1-HAMWAN-PUBLIC
 
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH1-HAMWAN-PUBLIC
 
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH1-HAMWAN-PUBLIC
Line 34: Line 33:
 
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH4-HAMWAN-PUBLIC
 
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH4-HAMWAN-PUBLIC
 
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH5-HAMWAN-PUBLIC
 
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH5-HAMWAN-PUBLIC
 
 
add bridge=BRIDGE-HAMWAN-PRIVATE interface=SFP1-HAMWAN-PRIVATE
 
add bridge=BRIDGE-HAMWAN-PRIVATE interface=SFP1-HAMWAN-PRIVATE
 
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH1-HAMWAN-PRIVATE
 
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH1-HAMWAN-PRIVATE
Line 41: Line 39:
 
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH4-HAMWAN-PRIVATE
 
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH4-HAMWAN-PRIVATE
 
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH5-HAMWAN-PRIVATE
 
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH5-HAMWAN-PRIVATE
 +
/ip address
 +
add address=10.246.1.1/16 comment=defconf interface=BRIDGE-HAMWAN-PRIVATE \
 +
    network=10.246.0.0
 +
/ip dhcp-client
 +
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
 +
    ether1
 +
/ip dns
 +
set allow-remote-requests=yes
 +
/ip dns static
 +
add address=192.168.88.1 name=router
 +
/ip firewall filter
 +
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
 +
add action=accept chain=input comment="defconf: accept established,related" \
 +
    connection-state=established,related
 +
add action=drop chain=input comment="defconf: drop all from WAN" \
 +
    in-interface=ether1
 +
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
 +
    connection-state=established,related
 +
add action=accept chain=forward comment="defconf: accept established,related" \
 +
    connection-state=established,related
 +
add action=drop chain=forward comment="defconf: drop invalid" \
 +
    connection-state=invalid
 +
add action=drop chain=forward comment=\
 +
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
 +
    connection-state=new in-interface=ether1
 +
/ip firewall nat
 +
add action=masquerade chain=srcnat comment="defconf: masquerade" \
 +
    out-interface=ether1
 +
/system routerboard settings
 +
set cpu-frequency=800MHz protected-routerboot=disabled
 +
/tool mac-server
 +
set [ find default=yes ] disabled=yes
 +
add
 +
/tool mac-server mac-winbox
 +
set [ find default=yes ] disabled=yes
 +
add
 +
[admin@MikroTik] >
 
</pre>
 
</pre>

Revision as of 23:49, 11 June 2017

[admin@MikroTik] > export
# jan/02/1970 01:12:32 by RouterOS 6.36.1
# software id = 6LF8-82K7
#
/interface bridge
add name=BRIDGE-HAMWAN-PRIVATE
add name=BRIDGE-HAMWAN-PUBLIC
/ip neighbor discovery
set ether1 discover=no
/interface vlan
add interface=ether1 name=ETH1-HAMWAN-PRIVATE vlan-id=601
add interface=ether1 name=ETH1-HAMWAN-PUBLIC vlan-id=600
add interface=ether2 name=ETH2-HAMWAN-PRIVATE vlan-id=601
add interface=ether2 name=ETH2-HAMWAN-PUBLIC vlan-id=600
add interface=ether3 name=ETH3-HAMWAN-PRIVATE vlan-id=601
add interface=ether3 name=ETH3-HAMWAN-PUBLIC vlan-id=600
add interface=ether4 name=ETH4-HAMWAN-PRIVATE vlan-id=601
add interface=ether4 name=ETH4-HAMWAN-PUBLIC vlan-id=600
add interface=ether5 name=ETH5-HAMWAN-PRIVATE vlan-id=601
add interface=ether5 name=ETH5-HAMWAN-PUBLIC vlan-id=600
add interface=sfp1 name=SFP1-HAMWAN-PRIVATE vlan-id=601
add interface=sfp1 name=SFP1-HAMWAN-PUBLIC vlan-id=600
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add comment=defconf interface=ether2
add comment=defconf interface=sfp1
add bridge=BRIDGE-HAMWAN-PUBLIC interface=SFP1-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH1-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH2-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH3-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH4-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PUBLIC interface=ETH5-HAMWAN-PUBLIC
add bridge=BRIDGE-HAMWAN-PRIVATE interface=SFP1-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH1-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH2-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH3-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH4-HAMWAN-PRIVATE
add bridge=BRIDGE-HAMWAN-PRIVATE interface=ETH5-HAMWAN-PRIVATE
/ip address
add address=10.246.1.1/16 comment=defconf interface=BRIDGE-HAMWAN-PRIVATE \
    network=10.246.0.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    ether1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=ether1
/system routerboard settings
set cpu-frequency=800MHz protected-routerboot=disabled
/tool mac-server
set [ find default=yes ] disabled=yes
add
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add
[admin@MikroTik] >