From 4e842419f945b963d0434915c7d82ef5c818543d Mon Sep 17 00:00:00 2001 From: rolli3000 Date: Thu, 20 Jun 2019 11:44:52 +0200 Subject: [PATCH] je ein vlan auf port1-3, port4 mgmt, port5 uplink --- .../mikrotik/mikrotik-vlan-config-export.rsc | 84 +++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 technikzeugs/configs/mikrotik/mikrotik-vlan-config-export.rsc diff --git a/technikzeugs/configs/mikrotik/mikrotik-vlan-config-export.rsc b/technikzeugs/configs/mikrotik/mikrotik-vlan-config-export.rsc new file mode 100644 index 0000000..80aad93 --- /dev/null +++ b/technikzeugs/configs/mikrotik/mikrotik-vlan-config-export.rsc @@ -0,0 +1,84 @@ +# jun/15/2019 12:18:43 by RouterOS 6.43.7 +# software id = 8E1R-N82D +# +# model = RouterBOARD 750P r2 +# serial number = 67D5081FC212 +/interface bridge +add admin-mac=CC:2D:E0:5D:A8:7E auto-mac=no comment=defconf name=bridge +add name=brvlan101 +add name=brvlan102 +add name=brvlan103 +/interface vlan +add interface=ether5 name=vlan101 vlan-id=101 +add interface=ether5 name=vlan102 vlan-id=102 +add interface=ether5 name=vlan103 vlan-id=103 +/interface list +add comment=defconf name=WAN +add comment=defconf name=LAN +/interface wireless security-profiles +set [ find default=yes ] supplicant-identity=MikroTik +/ip hotspot profile +set [ find default=yes ] html-directory=flash/hotspot +/ip pool +add name=default-dhcp ranges=192.168.88.10-192.168.88.254 +/interface bridge port +add bridge=brvlan102 comment=defconf interface=ether2 pvid=102 +add bridge=brvlan103 comment=defconf interface=ether3 pvid=103 +add bridge=bridge comment=defconf interface=ether4 +add bridge=bridge comment=defconf interface=ether5 +add bridge=brvlan101 interface=ether1 pvid=101 +add bridge=brvlan101 interface=vlan101 pvid=101 +add bridge=brvlan102 interface=vlan102 pvid=102 +add bridge=brvlan103 interface=vlan103 pvid=103 +/ip neighbor discovery-settings +set discover-interface-list=LAN +/interface ethernet poe settings +set ether1-poe-in-long-cable=yes +/interface list member +add comment=defconf interface=bridge list=LAN +add comment=defconf interface=ether1 list=WAN +/ip address +add address=192.168.88.1/24 comment=defconf interface=bridge network=\ + 192.168.88.0 +/ip dhcp-client +# DHCP client can not run on slave interface! +add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\ + ether1 +/ip dhcp-server network +add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 +/ip dns +set allow-remote-requests=yes +/ip dns static +add address=192.168.88.1 name=router.lan +/ip firewall filter +add action=accept chain=input comment=\ + "defconf: accept established,related,untracked" connection-state=\ + established,related,untracked +add action=drop chain=input comment="defconf: drop invalid" connection-state=\ + invalid +add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp +add action=drop chain=input comment="defconf: drop all not coming from LAN" \ + in-interface-list=!LAN +add action=accept chain=forward comment="defconf: accept in ipsec policy" \ + ipsec-policy=in,ipsec +add action=accept chain=forward comment="defconf: accept out ipsec policy" \ + ipsec-policy=out,ipsec +add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ + connection-state=established,related +add action=accept chain=forward comment=\ + "defconf: accept established,related, untracked" connection-state=\ + established,related,untracked +add action=drop chain=forward comment="defconf: drop invalid" \ + connection-state=invalid +add action=drop chain=forward comment=\ + "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ + connection-state=new in-interface-list=WAN +/ip firewall nat +add action=masquerade chain=srcnat comment="defconf: masquerade" \ + ipsec-policy=out,none out-interface-list=WAN +/system clock +set time-zone-name=Europe/Berlin +/tool mac-server +set allowed-interface-list=LAN +/tool mac-server mac-winbox +set allowed-interface-list=LAN