# routerboard: yes # model: RB3011UiAS # revision: r2 # serial-number: E7E60F702DD8 # firmware-type: ipq8060 # factory-firmware: 6.47.10 # current-firmware: 6.48.6 # upgrade-firmware: 7.12.1 # # channel: development # installed-version: 7.12.1 # # # 2024-07-15 12:10:10 by RouterOS 7.12.1 # software id = JVLR-H2MN # # model = RB3011UiAS # serial number = E7E60F702DD8 /interface bridge add name=loopbridge /interface ethernet set [ find default-name=ether2 ] name=ether2-OLT-Digistar set [ find default-name=ether3 ] comment="POSTO HORIZONTE" name=ether3-Posto_Horizonte set [ find default-name=ether8 ] name=ether8-Gerencia-OLT-Digistar set [ find default-name=ether9 ] comment="UPLINK: OLT GE5" set [ find default-name=ether10 ] comment="POSTO <> MARCIO REDUNDANCIA" set [ find default-name=sfp1 ] comment=CRS_ALT_MARCIO /interface vlan add interface=ether9 name=vlan99-gerenciaOLT vlan-id=99 add comment="CTO IGREJINHA" interface=ether9 name=vlan311-PON1 vlan-id=311 add comment="CTO HORIZONTE BATATAS" interface=ether9 name=vlan312-PON2 vlan-id=312 add comment="CTO POSTO" interface=ether9 name=vlan313-PON3 vlan-id=313 add comment="CTO BULAO" interface=ether9 name=vlan314-PON4 vlan-id=314 add interface=sfp1 name=vlan320-Marcio_viaFibra vlan-id=320 add interface=ether2-OLT-Digistar name=vlan1001-PON1-Digistar vlan-id=1001 add interface=ether2-OLT-Digistar name=vlan1002-PON2-Digistar vlan-id=1002 add interface=ether2-OLT-Digistar name=vlan1003-PON3-Digistar vlan-id=1003 add interface=ether2-OLT-Digistar name=vlan1004-PON4-Digistar vlan-id=1004 add interface=ether2-OLT-Digistar name=vlan1005-PON5-Digistar vlan-id=1005 add interface=ether2-OLT-Digistar name=vlan1006-PON6-Digistar vlan-id=1006 add interface=ether2-OLT-Digistar name=vlan1007-PON7-Digistar vlan-id=1007 add interface=ether2-OLT-Digistar name=vlan1008-PON8-Digistar vlan-id=1008 add interface=ether2-OLT-Digistar name=vlan1009-PON9-Digistar vlan-id=1009 add interface=ether2-OLT-Digistar name=vlan1010-PON10-Digistar vlan-id=1010 add interface=ether2-OLT-Digistar name=vlan1011-PON11-Digistar vlan-id=1011 add interface=ether2-OLT-Digistar name=vlan1012-PON12-Digistar vlan-id=1012 add interface=ether2-OLT-Digistar name=vlan1013-PON13-Digistar vlan-id=1013 add interface=ether2-OLT-Digistar name=vlan1014-PON14-Digistar vlan-id=1014 add interface=ether2-OLT-Digistar name=vlan1015-PON15-Digistar vlan-id=1015 add interface=ether2-OLT-Digistar name=vlan1016-PON16-Digistar vlan-id=1016 add interface=sfp1 name=vlan2080 vlan-id=2080 /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=pool-pppoe ranges=100.65.47.0/24 add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.21.0/24 add comment="Aguardando Assinatura IXCSoft" name=pool_aguardando_assinatura ranges=172.22.21.0/24 add name=VPN ranges=100.72.0.0/24 /port set 0 name=serial0 /ppp profile add change-tcp-mss=yes local-address=192.168.40.1 name=profile-PPPoE remote-address=pool-pppoe use-ipv6=no use-mpls=no use-upnp=no add change-tcp-mss=yes local-address=192.168.40.1 name=profile1 rate-limit=30m/30m remote-address=pool-pppoe use-ipv6=no use-mpls=no use-upnp=no add change-tcp-mss=yes local-address=192.168.40.1 name=profile2 rate-limit=15m/15m remote-address=pool-pppoe use-ipv6=no use-mpls=no use-upnp=no add change-tcp-mss=yes dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 name=profile-vpn remote-address=VPN use-ipv6=no use-mpls=no use-upnp=no /queue simple add max-limit=300M/300M name=Posto-Horizonte target=45.236.84.116/30 /routing bgp template set default disabled=no output.network=bgp-networks /routing ospf instance add disabled=no name=default-v2 redistribute=connected router-id=192.168.200.11 add disabled=no in-filter-chain=ospf-in name=default-v3 version=3 /routing ospf area add disabled=no instance=default-v2 name=backbone-v2 add area-id=0.0.0.1 default-cost=1 disabled=yes instance=default-v2 name=area1-v2 type=stub add disabled=yes instance=default-v3 name=backbone-v3 /snmp community set [ find default=yes ] name=public-noway /user group add name=backup policy="local,telnet,ssh,ftp,read,write,policy,test,sensitive,!reboot,!winbox,!password,!web,!sniff,!api,!romon,!rest-api" #error exporting "/interface/bridge/calea" /ip neighbor discovery-settings set discover-interface-list=!dynamic /ip settings set max-neighbor-entries=8192 rp-filter=loose tcp-syncookies=yes /ipv6 settings set max-neighbor-entries=8192 /interface ovpn-server server set auth=sha1,md5 /interface pppoe-server server add default-profile=profile-PPPoE disabled=no interface=ether6 one-session-per-host=yes service-name=service1 add default-profile=profile-PPPoE disabled=no interface=ether7 one-session-per-host=yes service-name=service2 add default-profile=profile-PPPoE disabled=no interface=ether8-Gerencia-OLT-Digistar one-session-per-host=yes service-name=service3 add default-profile=profile-PPPoE disabled=no interface=ether9 one-session-per-host=yes service-name=service4 add default-profile=profile-PPPoE disabled=no interface=ether10 one-session-per-host=yes service-name=service5 add default-profile=profile-PPPoE disabled=no interface=vlan311-PON1 max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=OLT-PON1 add default-profile=profile-PPPoE disabled=no interface=vlan312-PON2 max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=OLT-PON2 add default-profile=profile-PPPoE disabled=no interface=vlan313-PON3 max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=OLT-PON3 add default-profile=profile-PPPoE disabled=no interface=vlan314-PON4 max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=OLT-PON4 add default-profile=profile-PPPoE disabled=no interface=vlan1001-PON1-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON1-OLT_DIGISTAR add default-profile=profile-PPPoE disabled=no interface=vlan1002-PON2-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON2-OLT_DIGISTAR add default-profile=profile-PPPoE disabled=no interface=vlan1003-PON3-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON3-OLT_DIGISTAR add default-profile=profile-PPPoE disabled=no interface=vlan1004-PON4-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON4-OLT_DIGISTAR add default-profile=profile-PPPoE disabled=no interface=vlan1005-PON5-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON5-OLT_DIGISTAR add default-profile=profile-PPPoE disabled=no interface=vlan1006-PON6-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON6-OLT_DIGISTAR add default-profile=profile-PPPoE disabled=no interface=vlan1007-PON7-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON7-OLT_DIGISTAR add default-profile=profile-PPPoE disabled=no interface=vlan1008-PON8-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON8-OLT_DIGISTAR add default-profile=profile-PPPoE disabled=no interface=vlan1009-PON9-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON9-OLT_DIGISTAR add default-profile=profile-PPPoE disabled=no interface=vlan1010-PON10-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON10-OLT_DIGISTAR add default-profile=profile-PPPoE disabled=no interface=vlan1011-PON11-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON11-OLT_DIGISTAR add default-profile=profile-PPPoE disabled=no interface=vlan1012-PON12-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON12-OLT_DIGISTAR add default-profile=profile-PPPoE disabled=no interface=vlan1013-PON13-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON13-OLT_DIGISTAR add default-profile=profile-PPPoE disabled=no interface=vlan1014-PON14-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON14-OLT_DIGISTAR add default-profile=profile-PPPoE disabled=no interface=vlan1015-PON15-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON15-OLT_DIGISTAR add default-profile=profile-PPPoE disabled=no interface=vlan1016-PON16-Digistar max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PON16-OLT_DIGISTAR /ip address add address=192.168.99.142/30 interface=vlan2080 network=192.168.99.140 add address=192.168.200.11 interface=loopbridge network=192.168.200.11 add address=192.168.254.97/29 interface=ether10 network=192.168.254.96 add address=45.236.84.117/30 interface=ether3-Posto_Horizonte network=45.236.84.116 add address=192.168.8.200/24 interface=ether4 network=192.168.8.0 add address=192.168.20.1/30 interface=vlan99-gerenciaOLT network=192.168.20.0 add address=192.168.254.105/30 interface=vlan320-Marcio_viaFibra network=192.168.254.104 add address=10.98.99.1/30 interface=sfp1 network=10.98.99.0 add address=192.168.104.137/30 comment="Repetidora Posto Horizonte 1" interface=vlan1001-PON1-Digistar network=192.168.104.136 add address=192.168.10.1/24 interface=ether8-Gerencia-OLT-Digistar network=192.168.10.0 add address=192.168.15.1/24 interface=vlan1002-PON2-Digistar network=192.168.15.0 add address=192.168.1.1/24 disabled=yes interface=vlan1001-PON1-Digistar network=192.168.1.0 /ip dns set servers=45.236.84.18,45.236.84.19,2804:4de8:800:8000::18,2804:4de8:800:8000::19 /ip firewall address-list add address=192.168.199.1 comment="IXCProvedor endereco IP do sistema" list=rede_local add address=45.187.80.250 list=Acesso-OLT-Digistar add address=ixc.proteknet.com.br list=Acesso-OLT-Digistar #error exporting "/ip/firewall/calea" /ip firewall filter add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address=172.21.21.0/24 add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.21.21.0/24 add action=fasttrack-connection chain=forward hw-offload=yes add action=accept chain=forward /ip firewall nat add action=dst-nat chain=dstnat comment="Redir para OLT Digistar no IXC" dst-address=45.236.84.117 dst-port=9913 protocol=tcp src-address-list=Acesso-OLT-Digistar to-addresses=192.168.10.3 to-ports=23 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.21.21.0/24 to-addresses=192.168.199.1 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=192.168.199.1 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.22.21.0/24 to-addresses=192.168.199.1 to-ports=8086 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aguardando_assinatura to-addresses=192.168.199.1 to-ports=8086 add action=src-nat chain=srcnat out-interface=vlan2080 src-address=100.71.0.0/24 to-addresses=45.236.84.117 /ip firewall raw add action=accept chain=prerouting dst-address=45.236.84.118 add action=accept chain=prerouting disabled=yes src-address=45.236.84.116/30 add action=accept chain=prerouting disabled=yes dst-address=45.236.84.116/30 /ip route add disabled=no distance=121 dst-address=0.0.0.0/0 gateway=192.168.254.100 pref-src=192.168.200.11 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes port=10080 set ssh address="45.236.84.0/22,45.236.86.37/32,45.236.84.34/32,192.168.0.0/16,45.236.84.23/32" port=10022 set api address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32 set winbox address=45.236.84.0/22,45.236.86.37/32,45.236.84.34/32,192.168.0.0/16 port=25000 set api-ssl address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32 /ip smb set allow-guests=no interfaces=loopbridge /ip tftp add /lcd set time-interval=weekly /ppp aaa set interim-update=20m use-radius=yes /ppp secret add name=posto.teste profile=profile-PPPoE service=pppoe add name=lucas.123 profile=profile-PPPoE service=pppoe add disabled=yes name=barracao.sede profile=profile2 service=pppoe add disabled=yes name=torre.sede profile=profile2 service=pppoe add name=teste.123 profile=profile-PPPoE service=pppoe /radius add address=45.236.84.27 disabled=yes service=ppp src-address=192.168.200.11 add address=192.168.199.1 comment="IXCProvedor configuracao radius" service=ppp,hotspot,wireless src-address=192.168.200.11 timeout=3s /radius incoming set accept=yes /routing bfd configuration add disabled=yes interfaces=all min-rx=200ms min-tx=200ms multiplier=5 /routing filter rule add chain=ospf-in disabled=no rule="if (dst == 0.0.0.0/0) { set pref-src 192.168.200.11; }" add chain=ospf-in disabled=no rule="if (dst in 10.0.0.0/8 && dst-len in 8-32) { accept; }" add chain=ospf-in disabled=no rule="if (dst in 100.64.0.0/10 && dst-len in 10-32) { accept; }" add chain=ospf-in disabled=no rule="if (dst in 172.16.0.0/12 && dst-len in 12-32) { accept; }" add chain=ospf-in disabled=no rule="if (dst in 192.168.0.0/16 && dst-len in 16-32) { accept; }" add chain=ospf-in disabled=no rule="if (dst in 45.236.84.0/22 && dst-len in 22-32) { accept; }" /routing ospf interface-template add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan2080 networks=192.168.99.140/30 priority=1 use-bfd=no add area=backbone-v2 auth-id=1 auth-key="" cost=40 disabled=no interfaces=ether10 networks=192.168.254.96/29 priority=1 type=ptp use-bfd=no add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan320-Marcio_viaFibra networks=192.168.254.104/30 priority=1 type=ptp use-bfd=no /snmp set contact="Acacio " enabled=yes location="General Carneiro/PR" trap-version=2 /system clock set time-zone-name=America/Sao_Paulo /system identity set name=Protek-Horizonte /system note set show-at-login=no /system ntp client set enabled=yes /system ntp client servers add address=45.236.84.23 /system package update set channel=development /system scheduler add interval=1d name=IXCProvedor_agendamento-backup on-event=IXCProvedor-fazer-e-enviar-backup policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=2023-06-19 start-time=04:00:00 /system script add dont-require-permissions=no name=IXCProvedor-fazer-e-enviar-backup owner=ixc.sistema policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="export file=backup-mikrotik_Horizonte.rsc; :log info message=\"IXCSoft enviando backup por email\"; /tool e-mail send to=\"acacio@proteknet.com.br\" subject=\"backup-Horizonte\" file=backup-mikrotik_Horizonte.rsc start-tls=yes" /tool e-mail set from=financeiro@proteknet.com.br port=465 server=smtps.uhserver.com.com user=financeiro@proteknet.com.br /tool romon set enabled=yes