# routerboard: yes # model: CRS317-1G-16S+ # serial-number: 846C092D0233 # firmware-type: dx3230L # factory-firmware: 6.41 # current-firmware: 6.47.9 # upgrade-firmware: 6.44.5 # # channel: long-term # installed-version: 6.44.5 # # Flags: U - undoable, R - redoable, F - floating-undo # ACTION BY POLICY # U device changed admin write # U user nzm added admin write # policy # U user protek changed admin write # policy # # software id = SCLN-TCKL # # model = CRS317-1G-16S+ # serial number = 846C092D0233 /interface bridge add name=loopbridge add frame-types=admit-only-vlan-tagged ingress-filtering=yes name=switch protocol-mode=none vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] speed=100Mbps set [ find default-name=sfp-sfpplus1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full comment="Link CGNAT" disabled=yes speed=10Gbps set [ find default-name=sfp-sfpplus2 ] auto-negotiation=no comment="Link CORE ( queimou )" disabled=yes speed=10Gbps set [ find default-name=sfp-sfpplus3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full comment="CORE: Link OLT2" speed=10Gbps set [ find default-name=sfp-sfpplus4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full comment="CORE: Link OLT1" speed=10Gbps set [ find default-name=sfp-sfpplus5 ] comment=SBSJ2 speed=10Gbps set [ find default-name=sfp-sfpplus6 ] auto-negotiation=no comment=CA2 set [ find default-name=sfp-sfpplus7 ] comment=SJ-CE speed=10Gbps set [ find default-name=sfp-sfpplus8 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full auto-negotiation=no speed=10Gbps set [ find default-name=sfp-sfpplus9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full comment="Link BRAS - OLTs" loop-protect=off speed=10Gbps set [ find default-name=sfp-sfpplus10 ] comment="Link BRAS - BGP" speed=10Gbps set [ find default-name=sfp-sfpplus11 ] comment="UPLINK NE8000 [Porta 8]" speed=10Gbps set [ find default-name=sfp-sfpplus12 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full auto-negotiation=no speed=10Gbps set [ find default-name=sfp-sfpplus13 ] comment=CGNAT speed=10Gbps set [ find default-name=sfp-sfpplus14 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full comment="CORE: Link OLT3" speed=10Gbps set [ find default-name=sfp-sfpplus15 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full comment="UPLINK NE8000 [Porta 7]" mac-address=B8:69:F4:00:73:3D speed=10Gbps set [ find default-name=sfp-sfpplus16 ] speed=10Gbps /interface vlan add interface=sfp-sfpplus13 name=vlan2 vlan-id=2 /interface bonding add mode=802.3ad name=bonding-NE8000 slaves=sfp-sfpplus15,sfp-sfpplus11 transmit-hash-policy=layer-2-and-3 /snmp community set [ find default=yes ] addresses=45.236.84.0/22,192.168.0.0/16,35.237.63.30/32 name=public-noway write-access=yes /user group set full policy="local,telnet,ssh,ftp,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp,!reboot" /interface bridge port add bridge=switch interface=sfp-sfpplus5 add bridge=switch interface=sfp-sfpplus6 add bridge=switch interface=sfp-sfpplus7 add bridge=switch disabled=yes interface=sfp-sfpplus1 add bridge=switch interface=sfp-sfpplus4 add bridge=switch disabled=yes interface=sfp-sfpplus2 add bridge=switch interface=sfp-sfpplus3 add bridge=switch frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus9 pvid=60 add bridge=switch frame-types=admit-only-vlan-tagged interface=sfp-sfpplus8 add bridge=switch interface=sfp-sfpplus10 add bridge=switch disabled=yes interface=sfp-sfpplus11 add bridge=switch interface=sfp-sfpplus13 add bridge=switch interface=ether1 add bridge=switch frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus14 add bridge=switch frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus12 add bridge=switch disabled=yes interface=sfp-sfpplus15 add bridge=switch interface=bonding-NE8000 /interface bridge vlan add bridge=switch disabled=yes tagged=sfp-sfpplus1,sfp-sfpplus2 vlan-ids=306 add bridge=switch tagged=sfp-sfpplus14,sfp-sfpplus12,sfp-sfpplus13 vlan-ids=60 add bridge=switch tagged=sfp-sfpplus1,sfp-sfpplus8 vlan-ids=59 add bridge=switch comment="vlans OLTs" tagged="sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus9,bonding-NE8000,sfp-sfpplus8,sfp-sfpplus14,sfp-sfpplus13" vlan-ids=1001-1016,2017 add bridge=switch tagged=sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus8,sfp-sfpplus9 vlan-ids=1000 add bridge=switch comment="vlan15 - bgp-bras" tagged=sfp-sfpplus13,sfp-sfpplus10 vlan-ids=15 add bridge=switch tagged=sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus13 vlan-ids=200,204-205 add bridge=switch comment="mgmt switch" tagged=sfp-sfpplus13,switch vlan-ids=2 add bridge=switch tagged=sfp-sfpplus4,ether1 vlan-ids=1500 add bridge=switch tagged=sfp-sfpplus4,sfp-sfpplus3,sfp-sfpplus9 vlan-ids=400 add bridge=switch tagged=sfp-sfpplus3,sfp-sfpplus13 vlan-ids=300 add bridge=switch tagged=sfp-sfpplus3,sfp-sfpplus13 vlan-ids=500 add bridge=switch tagged=sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus13 vlan-ids=201 add bridge=switch tagged=sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus7,sfp-sfpplus13 vlan-ids=203 add bridge=switch tagged=sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus6,sfp-sfpplus13 vlan-ids=202 add bridge=switch tagged=ether1,sfp-sfpplus13 vlan-ids=1499 add bridge=switch comment="Banco do Brasil" tagged=sfp-sfpplus3,sfp-sfpplus13,sfp-sfpplus14,sfp-sfpplus9 vlan-ids=600,601,602 add bridge=switch tagged=sfp-sfpplus4,sfp-sfpplus3,ether1 vlan-ids=1501 add bridge=switch comment="Transporte E\F3licas" tagged=sfp-sfpplus13,bonding-NE8000 vlan-ids=2080 add bridge=switch comment="NE8000 BRAS <> CGNAT OSPF" tagged=sfp-sfpplus13,bonding-NE8000 vlan-ids=10 add bridge=switch comment="NE8000 BGP <> CGNAT" tagged=sfp-sfpplus13,bonding-NE8000 vlan-ids=11 add bridge=switch tagged=sfp-sfpplus13,bonding-NE8000 vlan-ids=18 add bridge=switch comment="NE8000 BRAS <> CGNAT PBR" tagged=sfp-sfpplus13,bonding-NE8000 vlan-ids=9 add bridge=switch comment="Gerencia OLT3 Digistar" tagged=sfp-sfpplus14,bonding-NE8000 vlan-ids=93 /ip address add address=192.168.11.2/24 interface=vlan2 network=192.168.11.0 /ip dns set servers=45.236.84.18,45.236.84.19 /ip route add distance=1 gateway=192.168.11.1 /ip service set telnet disabled=yes set ftp disabled=yes set www address=192.168.0.0/16,45.236.84.0/22 port=10080 set ssh address="45.236.84.0/22,189.127.168.0/22,192.168.0.0/16,100.64.0.0/10,45.187.80.0/22,177.10.56.0/22" port=10022 set api disabled=yes set winbox address="45.236.84.0/22,189.127.168.0/22,192.168.0.0/16,100.64.0.0/10,45.187.80.0/22,177.10.56.0/22" port=25000 set api-ssl disabled=yes /ip smb set allow-guests=no interfaces=loopbridge /ip ssh set allow-none-crypto=yes forwarding-enabled=remote /snmp set contact="Acacio Correa " enabled=yes location="[-26.42382277, -51.31382207]" trap-version=2 /system clock set time-zone-name=America/Sao_Paulo /system identity set name=Protek-CRS /system logging add topics=interface,debug /system ntp client set enabled=yes primary-ntp=45.236.84.23 secondary-ntp=200.160.7.186 /system package update set channel=long-term /system routerboard settings set boot-os=router-os /system scheduler add name=downgrade on-event="/sys package downgrade\r\n/system reboot" policy=reboot,read,write,policy,test,password start-date=jun/15/2021 start-time=05:00:00 /system watchdog set watchdog-timer=no /tool romon set enabled=yes secrets=protek-info-12