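# routerboard: yes
# model: RouterBOARD 3011UiAS
# serial-number: 719F0622E297
# firmware-type: ipq8060
# factory-firmware: 3.27
# current-firmware: 6.48.7
# upgrade-firmware: 6.48.7
#
# channel: long-term
# installed-version: 6.48.7
#
# Flags: U - undoable, R - redoable, F - floating-undo
# ACTION BY POLICY
#
# software id = 59PC-5PUM
#
# model = RouterBOARD 3011UiAS
# serial number = 719F0622E297
#
# ---------------------------------------------------------------------------
# Purpose: RouterOS 6.48.7 configuration export of the router identified as
# "Santa_Rosa" (RB3011UiAS). It terminates PPPoE sessions on several access
# ports, authenticates them against RADIUS (with a few local secrets), and
# reaches the rest of the network over OSPF on ether1-link.
#
# Layout: the export had been collapsed onto a few physical lines, which put
# every command behind the leading '#'. It is restored here to one command
# per line, in the original order.
#
# Hardening changes made in this revision (everything else is unchanged):
#   1. /snmp community : write-access=yes -> write-access=no
#   2. /ip ssh         : allow-none-crypto=yes -> allow-none-crypto=no
#   3. /ip service www : 0.0.0.0/0 removed from the allowed-address list
#
# NOTE(review): this export was taken without hide-sensitive, so PPP and
# RADIUS secrets appear in clear text below. Treat every secret in this file
# as exposed and rotate it; take future exports with hide-sensitive.
# ---------------------------------------------------------------------------

/interface bridge
add name=bridge1
add name=bridge2
add fast-forward=no name=loopbridge

/interface ethernet
set [ find default-name=ether1 ] comment="LINK " name=ether1-link speed=100Mbps
set [ find default-name=ether2 ] comment="PTK-GRD-SR-02(Omini)" speed=10Mbps
set [ find default-name=ether3 ] comment=roteador loop-protect=off speed=100Mbps
set [ find default-name=ether4 ] comment="PTK-ARG-RND(envia)" speed=100Mbps
set [ find default-name=ether5 ] comment=PTK-RKT-SR-04 mtu=1480 speed=100Mbps
set [ find default-name=ether7 ] advertise=10M-half,10M-full,100M-half,100M-full comment=PTK-ARG-SR-03 speed=10Mbps
set [ find default-name=ether8 ] comment=PTK-GRD-SR-01
set [ find default-name=ether9 ] comment=PTK-RKT-SR-05
set [ find default-name=ether10 ] comment="VLAN BRESOLIN (antes BRESOLIN)"

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip pool
# pool1 is handed to PPPoE clients through remote-address= in the profiles below.
add name=pool1 ranges=100.65.8.2-100.65.8.254
# pool_bloqueio matches the 172.21.11.0/24 source used by the "aviso bloqueio"
# firewall and NAT rules further down.
add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.11.0/24

/ppp profile
# *0 and *FFFFFFFE are internal ids; presumably the built-in "default" and
# "default-encryption" profiles - confirm on the device.
set *0 dns-server=45.236.84.18,45.236.84.19
# NOTE(review): the profile is named PPPOE_12M but rate-limit is 15m/15m, the
# same as PPOE_15M. Confirm which value is intended.
add change-tcp-mss=yes dns-server=45.236.84.18,45.236.84.19 local-address=192.168.17.1 name=PPPOE_12M only-one=yes rate-limit=15m/15m remote-address=pool1 session-timeout=1d23h use-mpls=no
add change-tcp-mss=yes dns-server=45.236.84.18,45.236.84.19 local-address=192.168.17.1 name=PPOE_15M only-one=yes rate-limit=15m/15m remote-address=pool1 session-timeout=1d23h use-mpls=no
set *FFFFFFFE dns-server=45.236.84.18,45.236.84.19

/routing ospf area
add area-id=0.0.0.1 default-cost=1 inject-summary-lsas=yes name=area1 type=stub

/routing ospf instance
set [ find default=yes ] redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=192.168.200.4

/snmp community
# CHANGED: write-access=yes -> no. A writable community reachable from any
# source lets any host that learns the community string modify the device.
# NOTE(review): addresses=0.0.0.0/0 still allows reads from anywhere and the
# community string travels in clear text (trap-version=2 below). Restrict
# addresses= to the monitoring host(s); those are not identifiable from this
# export, so the value is left as found.
set [ find default=yes ] addresses=0.0.0.0/0 name=public-noway write-access=no

/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp"
# NOTE(review): the "backup" group carries write, policy, password and
# sensitive, i.e. close to full rights. If it only needs to pull backups,
# reduce it to the minimum policies that task requires.
add name=backup policy="local,telnet,ssh,ftp,read,write,policy,test,password,sensitive,!reboot,!winbox,!web,!sniff,!api,!romon,!dude,!tikapp"

#error exporting /interface bridge calea
/interface bridge filter
# Only the first two rules are active; they accept PPPoE session and
# discovery frames on the bridge input chain.
add action=accept chain=input mac-protocol=pppoe
add action=accept chain=input mac-protocol=pppoe-discovery
# The remaining rules are disabled. in-bridge=*D and in-bridge=*11 are internal
# ids rather than names, which usually means the referenced bridge no longer
# exists - candidates for cleanup. The second group of six repeats the first.
add action=accept chain=input disabled=yes in-bridge=*D src-mac-address=DC:9F:DB:5A:BF:C3/FF:FF:FF:FF:FF:FF
add action=accept chain=input disabled=yes in-bridge=*11 src-mac-address=DC:9F:DB:3C:21:4F/FF:FF:FF:FF:FF:FF
add action=accept chain=input disabled=yes in-bridge=bridge1 src-mac-address=24:A4:3C:F6:F9:20/FF:FF:FF:FF:FF:FF
add action=accept chain=input disabled=yes in-bridge=*D src-mac-address=00:27:22:3C:7A:64/FF:FF:FF:FF:FF:FF
add action=accept chain=input disabled=yes mac-protocol=pppoe
add action=accept chain=input disabled=yes mac-protocol=pppoe-discovery
add action=accept chain=input disabled=yes in-bridge=*D src-mac-address=DC:9F:DB:5A:BF:C3/FF:FF:FF:FF:FF:FF
add action=accept chain=input disabled=yes in-bridge=*11 src-mac-address=DC:9F:DB:3C:21:4F/FF:FF:FF:FF:FF:FF
add action=accept chain=input disabled=yes in-bridge=bridge1 src-mac-address=24:A4:3C:F6:F9:20/FF:FF:FF:FF:FF:FF
add action=accept chain=input disabled=yes in-bridge=*D src-mac-address=00:27:22:3C:7A:64/FF:FF:FF:FF:FF:FF

/interface bridge port
# NOTE(review): ether3 and ether4 become bridge2 ports here, yet an IP address
# is later bound to ether3 and a PPPoE server to ether4 (the exporter flags the
# latter as "on a slave interface"). Services belong on bridge2, not on ports.
add bridge=bridge2 interface=ether6
add bridge=bridge2 interface=ether4
add bridge=bridge2 interface=ether9
add bridge=bridge2 interface=ether3

/ip firewall connection tracking
set enabled=yes

/ip neighbor discovery-settings
# NOTE(review): "!dynamic" enables neighbor discovery on every non-dynamic
# interface, which includes the customer-facing access ports. Consider a
# dedicated interface list containing only management/uplink interfaces.
set discover-interface-list=!dynamic

/ip settings
set max-neighbor-entries=1024 rp-filter=loose tcp-syncookies=yes

/interface pppoe-server server
add default-profile=PPPOE_12M disabled=no interface=ether2 max-mru=1480 max-mtu=1480 service-name=PTK-GRD-SR-02
add default-profile=PPPOE_12M disabled=no interface=ether5 max-mru=1480 max-mtu=1480 service-name=PTK-RKT-SR-04
add default-profile=PPPOE_12M disabled=no interface=bridge2 max-mru=1480 max-mtu=1480 service-name=PTK-RKT-SR-05
add default-profile=PPPOE_12M disabled=no interface=ether10 max-mru=1480 max-mtu=1480 service-name=PTP-PTK-SRxBRESOLIN
add default-profile=PPPOE_12M disabled=no interface=ether7 max-mru=1480 max-mtu=1480 service-name=PTK-ARG-SR-03
# Service is on a slave interface
add default-profile=PPPOE_12M disabled=no interface=ether4 max-mru=1480 max-mtu=1480 service-name=PTK-ARG-RND
add default-profile=PPPOE_12M disabled=no interface=ether8 max-mru=1480 max-mtu=1480 service-name=PTK-GRD-SR-01

/ip address
add address=192.168.99.172/29 interface=ether1-link network=192.168.99.168
add address=192.168.100.217/29 interface=ether10 network=192.168.100.216
# Loopback-style /32 on loopbridge; also used as the OSPF router-id and as the
# RADIUS source address.
add address=192.168.200.4 interface=loopbridge network=192.168.200.4
add address=192.168.101.65/28 interface=bridge2 network=192.168.101.64
add address=192.168.100.65/29 interface=bridge2 network=192.168.100.64
add address=192.168.100.233/29 interface=ether8 network=192.168.100.232
add address=192.168.101.97/29 interface=ether2 network=192.168.101.96
add address=192.168.100.241/29 interface=ether7 network=192.168.100.240
add address=192.168.101.145/29 interface=ether5 network=192.168.101.144
add address=192.168.100.73/29 interface=ether3 network=192.168.100.72

/ip dns
set servers=45.236.84.18,45.236.84.19,2804:4de8:800:8000::18,2804:4de8:800:8000::19

/ip firewall address-list
add address=192.168.199.1 comment="IXCProvedor endereco IP do sistema" list=rede_local

#error exporting /ip firewall calea
/ip firewall filter
# NOTE(review): this export contains forward-chain rules only. There is no
# input chain, so access to the router itself is limited solely by the
# per-service address= lists under /ip service. Add an input chain that
# accepts established/related traffic and the management sources, then drops
# the rest.
#
# The four rules below confine blocked subscribers (172.21.11.0/24 or the
# aviso_bloqueio list): TCP is dropped unless destined to 192.168.199.1 and
# UDP is dropped unless destined to port 53.
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address=172.21.11.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 protocol=tcp src-address-list=aviso_bloqueio
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.21.11.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address-list=aviso_bloqueio

/ip firewall nat
add action=src-nat chain=srcnat disabled=yes src-address=192.168.17.0/24 to-addresses=45.236.84.4
add action=accept chain=srcnat disabled=yes dst-address=192.168.0.0/16 src-address=192.168.0.0/16
# Redirect HTTP from blocked subscribers to the notice page on 192.168.199.1:8082.
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address=172.21.11.0/24 to-addresses=192.168.199.1 to-ports=8082
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!192.168.199.1 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=192.168.199.1 to-ports=8082

/ip service
set telnet disabled=yes
set ftp address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=10021
# CHANGED: 0.0.0.0/0 removed from address=. It overrode the other entries, so
# enabling www later would have exposed it to every source. The service stays
# disabled, so this does not alter current reachability.
set www address=192.168.0.0/16,45.236.84.0/22,100.64.0.0/10 disabled=yes port=8888
set ssh address=45.236.84.0/22,45.236.84.34/32,45.236.86.37/32,192.168.199.1/32 port=10022
# NOTE(review): plain "api" is enabled next to api-ssl with the same allowed
# sources; the non-TLS API carries credentials unencrypted. If the clients
# support it, move them to api-ssl and disable api.
set api address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32
set winbox address=45.236.84.0/22,45.236.84.34/32,45.236.86.37/32,45.187.80.250/32 port=25000
set api-ssl address=45.236.84.24/32,45.236.84.25/32,45.236.87.255/32,192.168.199.1/32

/ip smb
set allow-guests=no interfaces=loopbridge

/ip ssh
# CHANGED: allow-none-crypto=yes -> no. The "none" cipher lets an SSH session
# run without encryption, exposing credentials and session content on the wire.
set allow-none-crypto=no

/ppp aaa
set interim-update=20m use-radius=yes

/ppp secret
# NOTE(review): local PPPoE credentials stored and exported in clear text;
# several are short or shared between accounts. Rotate them, and prefer
# keeping subscribers in RADIUS only (use-radius=yes is already set).
add name=fazendarondon password=rondon profile=PPPOE_12M service=pppoe
add name=teste password=Ac4c10 profile=PPPOE_12M service=pppoe
add name=torre.sr password=protek-net-13 profile=PPPOE_12M service=pppoe
add name=deize.onesko1 password=270720 profile=PPPOE_12M service=pppoe
add name=oneskocasa password=gnt58wifi profile=PPPOE_12M service=pppoe
add name=tiago.bresolin password=0481334 profile=PPOE_15M service=pppoe
add name=querencia.negao password=Ac4c10 profile=PPPOE_12M service=pppoe

/radius
# NOTE(review): RADIUS shared secrets are exposed by this export and should be
# replaced with long random values on both the router and the servers.
add address=192.168.199.1 comment="IXCProvedor configuracao radius" secret=radiusixcsoft service=ppp,hotspot,wireless src-address=192.168.200.4 timeout=3s
add address=45.236.84.27 secret=proinfo25. service=ppp src-address=192.168.200.4

/radius incoming
# NOTE(review): accept=yes makes the router act on incoming RADIUS
# disconnect/CoA requests. Their only protection is the shared secret above,
# and no input-chain filter limits who can send them - restrict the source to
# the RADIUS servers once an input chain exists.
set accept=yes

/routing filter
add chain=ospf-in prefix=0.0.0.0/0 set-pref-src=192.168.200.4

/routing ospf area range
add area=area1 range=100.65.8.0/24

/routing ospf interface
# The first entry names no interface, so it applies as the catch-all and keeps
# every other interface passive; only ether1-link forms adjacencies.
# NOTE(review): no authentication= is shown for ether1-link. If the link is not
# physically trusted, enable OSPF authentication on both ends.
add network-type=broadcast passive=yes
add interface=ether1-link network-type=point-to-point

/routing ospf nbma-neighbor
add address=192.168.99.81
add address=192.168.99.150

/routing ospf network
add area=backbone disabled=yes network=192.168.0.0/16
add area=backbone disabled=yes network=45.236.84.0/22
add area=area1 network=100.65.8.0/24
add area=area1 network=192.168.200.4/32
add area=backbone network=192.168.99.168/29
add area=backbone network=192.168.99.112/29

/snmp
set contact="Acacio Correa " enabled=yes location="[-26.42434465, -51.31973698]" trap-version=2

/system clock
set time-zone-autodetect=no time-zone-name=America/Sao_Paulo

/system identity
set name=Santa_Rosa

/system ntp client
set enabled=yes primary-ntp=45.236.84.23 secondary-ntp=200.160.0.8

/system package update
set channel=long-term

/system resource irq rps
set ether1-link disabled=no
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no

/system watchdog
set watchdog-timer=no

/tool romon
# NOTE(review): RoMON is enabled and no secrets= value appears in the export,
# so it looks unauthenticated - confirm. Set a RoMON secret and limit it to
# management-facing ports, or disable it if unused.
set enabled=yes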