# routerboard: yes # model: CCR1009-8G-1S-1S+ # serial-number: 4AB1049F2BE6 # firmware-type: tilegx # factory-firmware: 3.18 # current-firmware: 7.12.1 # upgrade-firmware: 7.12.1 # # channel: stable # installed-version: 7.12.1 # latest-version: 7.15.3 # status: New version is available # # Flags: U - UNDOABLE # Columns: ACTION, BY, POLICY, TIME # ACTION BY POLICY TIME # U address changed lucas write 2024-10-03 10:18:10 # U device changed lucas write 2024-10-02 22:54:49 # U device changed lucas write 2024-10-02 22:54:42 # U device changed lucas write 2024-09-27 08:42:32 # U device changed lucas write 2024-09-26 19:17:02 # U device changed lucas write 2024-09-26 18:20:06 # U device changed lucas write 2024-09-26 18:20:02 # U device changed lucas write 2024-09-26 17:10:51 # U device changed lucas write 2024-09-26 17:10:50 # U nat rule removed nzmmaster write 2024-09-21 11:18:41 # U nat rule moved nzmmaster write 2024-09-21 11:18:18 # U nat rule moved nzmmaster write 2024-09-21 11:18:16 # U nat rule added nzmmaster write 2024-09-21 11:18:14 # U bridge port removed flwvlw write 2024-09-14 13:30:47 # U ospf-interface-5 changed flwvlw write 2024-09-14 13:29:11 # U ospf-interface-5 changed flwvlw write 2024-09-14 13:29:11 # U ospf-interface-5 changed flwvlw write 2024-09-14 13:28:38 # U ospf-interface-5 changed flwvlw write 2024-09-14 13:27:51 # U ospf-interface-5 changed flwvlw write 2024-09-14 13:27:34 # U ppp secret changed lucas write 2024-09-14 11:47:36 # U address changed lucas write 2024-09-14 11:47:18 # U bridge port changed lucas write 2024-09-14 11:46:59 # U address changed lucas write 2024-09-14 10:43:21 # U address changed lucas write 2024-09-14 10:41:10 # U address changed lucas write 2024-09-14 10:41:08 # U address changed lucas write 2024-09-14 10:28:12 # U address changed lucas write 2024-09-14 10:26:37 # U address changed lucas write 2024-09-14 10:18:31 # U device changed lucas write 2024-09-14 10:15:58 # U device changed lucas write 2024-09-14 10:15:57 # U ppp secret changed lucas write 2024-09-06 14:53:49 # U ppp secret changed lucas write 2024-09-06 14:53:38 # U ppp secret changed lucas write 2024-09-06 14:53:33 # U ppp profile added lucas write 2024-09-06 14:53:26 # U ip service changed nzmmaster write 2024-08-02 10:16:20 # U user alt removed nzmmaster write 2024-08-02 10:16:12 # policy # U device removed nzmmaster write 2024-08-02 10:09:06 # U device removed nzmmaster write 2024-08-02 10:09:02 # U device removed nzmmaster write 2024-08-02 10:09:02 # U ip service changed nzmmaster write 2024-08-02 08:59:01 # U user alt added nzmmaster write 2024-08-02 08:54:46 # policy # U ip service changed nzmmaster write 2024-08-02 08:54:36 # # 2024-10-05 17:31:09 by RouterOS 7.12.1 # software id = GHTB-X3RD # # model = CCR1009-8G-1S-1S+ # serial number = 4AB1049F2BE6 /interface bridge add name=PTK-NN-CA-07 add name=PTK-RKT-CA-03 add name=PTK-RKT-CA-10 add fast-forward=no name=loopbridge /interface ethernet set [ find default-name=ether2 ] comment=PTK-NN-CA-07 name=ether1 set [ find default-name=ether3 ] comment=PP-CAxPZTO name=ether2 set [ find default-name=ether4 ] comment="CEU AZUL X PEDREIRA ( PP-PTK-JNGD-PDR)" name=ether3 set [ find default-name=ether5 ] comment=PP-CAxVLR2 name=ether4 set [ find default-name=ether6 ] comment=PTK-RKT-CA-10 name=ether5 set [ find default-name=ether7 ] comment="ENVIA VILMAR" name=ether6 set [ find default-name=ether8 ] comment=PTK-RKT-CA-03 name=ether7 set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no comment="LINK POP" speed=1G-baseX set [ find default-name=ether1 ] comment="CONTROLADOR VOLT" name=sfp1-combo /interface vlan add interface=sfp-sfpplus1 name=vlan202 vlan-id=202 add interface=sfp-sfpplus1 name=vlan211-Repetidora_Ravanello vlan-id=211 add interface=sfp1-combo name=vlan220 vlan-id=220 add interface=sfp1-combo name=vlan250 vlan-id=250 /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=pool1 ranges=100.65.22.100-100.65.22.254 add name=pgcorte ranges=192.168.41.0/24 add name=DHCP-Switch ranges=192.168.253.2 add name=dhcp_pool3 ranges=192.168.253.2 add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.5.0/24 add comment="Aguardando Assinatura IXCSoft" name=pool_aguardando_assinatura ranges=172.22.5.0/24 /ip dhcp-server # DHCP server can not run on slave interface! add address-pool=dhcp_pool3 interface=sfp1-combo lease-time=1w3d name=dhcp1 /ipv6 pool add name=POOL-DHCP-V6-PD prefix=2804:4de8:1300::/40 prefix-length=64 add name=POOL-SLAAC-TUNEL-V6 prefix=2804:4de8:1400::/40 prefix-length=64 /port set 0 name=serial0 set 1 name=serial1 /ppp profile set *0 dns-server=45.236.84.18,45.236.84.19 add dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 name=profile1 rate-limit=10m/10m remote-address=pool1 session-timeout=1d23h use-mpls=no add dns-server=45.236.84.18,45.236.84.19 local-address=192.168.40.1 name=profile2 rate-limit=30m/30m remote-address=pool1 session-timeout=1d23h use-mpls=no set *FFFFFFFE dns-server=45.236.84.18,45.236.84.19 /routing bgp template set default disabled=no output.network=bgp-networks /routing ospf instance add disabled=no name=default-v2 originate-default=never redistribute=connected,static router-id=192.168.200.14 add disabled=no name=default-v3 originate-default=never redistribute=connected,static router-id=192.168.200.14 version=3 /routing ospf area add disabled=no instance=default-v2 name=backbone-v2 add area-id=0.0.0.1 default-cost=1 disabled=no instance=default-v2 name=area1-v2 type=stub add disabled=no instance=default-v3 name=backbone-v3 /snmp community set [ find default=yes ] addresses=0.0.0.0/0 name=public-noway write-access=yes /user group add name=synsuite.group policy="local,telnet,read,write,policy,test,api,!ssh,!ftp,!reboot,!winbox,!password,!web,!sniff,!sensitive,!romon,!rest-api" /interface bridge filter add action=accept chain=input in-bridge=PTK-RKT-CA-03 src-mac-address=00:27:22:BE:FB:06/FF:FF:FF:FF:FF:FF add action=accept chain=input in-bridge=loopbridge src-mac-address=00:27:22:22:6E:64/FF:FF:FF:FF:FF:FF # no interface add action=accept chain=input in-bridge=*C src-mac-address=24:A4:3C:72:CC:68/FF:FF:FF:FF:FF:FF add action=accept chain=input in-bridge=PTK-RKT-CA-03 src-mac-address=00:27:22:BE:FB:06/FF:FF:FF:FF:FF:FF add action=accept chain=input in-bridge=loopbridge src-mac-address=00:27:22:22:6E:64/FF:FF:FF:FF:FF:FF # no interface add action=accept chain=input in-bridge=*C src-mac-address=24:A4:3C:72:CC:68/FF:FF:FF:FF:FF:FF add action=accept chain=input mac-protocol=pppoe-discovery add action=accept chain=input mac-protocol=pppoe add action=drop chain=forward /interface bridge port add bridge=PTK-NN-CA-07 interface=ether1 add bridge=PTK-RKT-CA-03 interface=ether7 add bridge=PTK-RKT-CA-10 interface=ether5 add bridge=PTK-NN-CA-07 ingress-filtering=no interface=sfp1-combo pvid=640 /ip neighbor discovery-settings set discover-interface-list=all /ip settings set max-neighbor-entries=8192 /ipv6 settings set max-neighbor-entries=8192 /interface bridge vlan add bridge=*16 tagged=*14,*15 vlan-ids=640 /interface ovpn-server server set auth=sha1,md5 /interface pppoe-server server add authentication=mschap1,mschap2 default-profile=profile1 disabled=no interface=PTK-RKT-CA-03 max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PTK-RKT-CA-03 add authentication=mschap1,mschap2 default-profile=profile1 disabled=no interface=PTK-NN-CA-07 max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PTK-NN-CA-07 add authentication=mschap1,mschap2 default-profile=profile1 disabled=no interface=PTK-RKT-CA-10 max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=PTK-RKT-CA-10 add authentication=mschap1,mschap2 default-profile=profile1 disabled=no interface=vlan211-Repetidora_Ravanello max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=Repetidora_Ravanello add authentication=mschap1,mschap2 default-profile=profile1 interface=*16 max-mru=1480 max-mtu=1480 one-session-per-host=yes service-name=service1 /ip address add address=192.168.200.14 interface=loopbridge network=192.168.200.14 add address=192.168.100.225/29 interface=PTK-NN-CA-07 network=192.168.100.224 add address=192.168.100.249/30 interface=PTK-RKT-CA-10 network=192.168.100.248 add address=192.168.100.153/30 interface=PTK-RKT-CA-03 network=192.168.100.152 add address=192.168.100.157/30 interface=PTK-NN-CA-07 network=192.168.100.156 add address=192.168.99.185/29 interface=ether4 network=192.168.99.184 add address=192.168.99.89/29 interface=ether3 network=192.168.99.88 add address=192.168.254.18/30 interface=vlan202 network=192.168.254.16 add address=192.168.254.1/29 interface=ether6 network=192.168.254.0 add address=192.168.99.17/29 interface=ether2 network=192.168.99.16 add address=192.168.5.5/30 interface=sfp1-combo network=192.168.5.4 add address=192.168.104.185/30 interface=vlan211-Repetidora_Ravanello network=192.168.104.184 /ip arp add address=192.168.100.166 interface=sfp1-combo mac-address=00:27:22:3A:3E:70 /ip dhcp-server network add address=192.168.253.0/30 gateway=192.168.253.1 /ip dns set servers=45.236.84.18,45.236.84.19 /ip firewall address-list add address=181.214.230.16 comment="IXCProvedor endereco IP do sistema" list=rede_local /ip firewall filter add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!181.214.230.16 protocol=tcp src-address=172.21.5.0/24 add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!181.214.230.16 protocol=tcp src-address-list=aviso_bloqueio add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.21.5.0/24 add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address-list=aviso_bloqueio add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!181.214.230.16 protocol=tcp src-address=172.22.5.0/24 add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-address=!181.214.230.16 protocol=tcp src-address-list=aguardando_assinatura add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address=172.22.5.0/24 add action=drop chain=forward comment="IXCProvedor regra de aguardando assinatura" dst-port=!53 protocol=udp src-address-list=aguardando_assinatura /ip firewall nat add action=src-nat chain=srcnat disabled=yes src-address=192.168.40.0/24 to-addresses=45.236.84.14 add action=src-nat chain=srcnat disabled=yes src-address=192.168.99.88/29 to-addresses=45.236.84.14 add action=src-nat chain=srcnat disabled=yes src-address=45.236.84.101 to-addresses=45.236.84.14 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!181.214.230.16 dst-port=80 protocol=tcp src-address=172.21.5.0/24 to-addresses=181.214.230.16 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!181.214.230.16 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=181.214.230.16 to-ports=8082 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!181.214.230.16 dst-port=80 protocol=tcp src-address=172.22.5.0/24 to-addresses=181.214.230.16 to-ports=8086 add action=dst-nat chain=dstnat comment="IXCProvedor regra de aguardando assinatura" dst-address=!181.214.230.16 dst-port=80 protocol=tcp src-address-list=aguardando_assinatura to-addresses=181.214.230.16 to-ports=8086 add action=src-nat chain=srcnat comment="NAT CONTROLADOR VOLT" src-address=192.168.5.0/24 to-addresses=192.168.200.14 /ip service set telnet disabled=yes set ftp address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=10021 set www address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=10080 set ssh address="45.236.84.0/22,45.236.86.37/32,45.187.80.250/32,177.10.56.96/32,177.10.56.141/32,45.236.84.23/32" port=10022 set api address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32 set winbox address=45.236.84.0/22,45.236.86.37/32,45.187.80.250/32 port=25000 set api-ssl address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32 /ip ssh set allow-none-crypto=yes forwarding-enabled=remote /ipv6 address add address=2804:4de8:1000::5/128 advertise=no interface=loopbridge add address=2804:4de8:1002:8::1 advertise=no interface=ether3 add address=2804:4de8:1002:9::1 advertise=no interface=ether4 /ppp aaa set interim-update=20m use-radius=yes /ppp secret add name=torre.ceu profile=profile1 service=pppoe add name=festa profile=profile2 service=pppoe add name=rodrigo.paca profile=profile1 service=pppoe /radius add address=45.236.84.27 service=ppp src-address=192.168.200.14 add address=181.214.230.16 comment="IXCProvedor configuracao radius" service=ppp,hotspot,wireless src-address=192.168.200.14 timeout=3s /radius incoming set accept=yes /routing filter rule add chain=ospf-in disabled=no rule="if (dst == 0.0.0.0/0) { set pref-src 192.168.200.14; }" /routing ospf interface-template add area=area1-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=loopbridge networks=192.168.200.14 passive priority=1 add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=ether4 networks=192.168.99.184/29 priority=1 type=ptp add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=ether3 networks=192.168.99.88/29 priority=1 type=ptp add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=vlan202 networks=192.168.254.16/30 priority=1 type=nbma add area=backbone-v2 auth-id=1 auth-key="" disabled=no interfaces=ether6 networks=192.168.254.0/29 priority=1 type=ptp add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=ether2 networks=192.168.99.16/29 priority=1 /routing ospf static-neighbor add address=192.168.254.17%vlan202 area=backbone-v2 disabled=no /snmp set contact="Acacio Correa " enabled=yes location="[-26.41917307, -51.30851999]" trap-version=2 /system clock set time-zone-autodetect=no time-zone-name=America/Sao_Paulo /system identity set name=Protek-CeuAzul /system note set show-at-login=no /tool romon set enabled=yes