RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
The RB2011UiAS-2HnD-IN was already installed never used the mikrotik os before, I read the documentation that said to use Winbox to connect using the mac address. i was able to connect and seenthe software was out dated and that the time and date was off, so i corrected the time and date and was going to update the software but the i realized that it was getting error could not resolve dns name. I attempted to give it a dynamic dns and a static dns, which resulted in no internet message, so i was going to update the software maually not sure what would have to be done or if the software could be updated since it was discontinued. Determined that it could be updated and id have to update it to new versions to update to the latest version, basically it needs to act like a switch and be able to use the wifi, the last person that may have installed it was on this kick about using routers in bridge mode, which im not sure why you want to use it in bridge mode its not the gateway for the network and its after the main router and switch.eventually i may need to pass a vlan over it. I attempted to export the config file but it wouldnt appear in the files area.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
So I was told to use the command but apparently it changed from 6.32.3 to later because I used and it appered in files.
Code: Select all
do /export file=configCode: Select all
export file=configCode: Select all
# jun/12/2024 19:51:01 by RouterOS 6.37.3
#
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
/system routerboard settings
set protected-routerboot=disabled
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
If this config is the whole lot of it ... then this device is set up as a dumb switch, passing traffic between ether1, ether3 and ether4 (not ether2). And nothing more, e.g. wifi doesn't seem to be configured.
I don't think ROS version matters much in this setup.
I don't think ROS version matters much in this setup.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Can it do both be a dumb switch and have the wifi work at the same time as well?
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Sure thing.
Configure wifi properties (SSID, password, etc.). Then add wifi1 interface as bridge port. Done.
But in this case I'd suggest you to upgrade ROS to latest v6 (long-term channel is at 6.49.13 ATM). The simplest way of doing it would be to add IP setup to device and use System->Packages->Upgrade (after ROS is upgraded, don't forget to upgrade Routerboot as well: System->Routerboot->Upgrade). And the easiest way of adding IP setup is to configure DHCP client on bridge interface. If you're weary to have your switch/AP suddenly visible on your LAN, then you can disable DHCP client after upgrade is done.
Configure wifi properties (SSID, password, etc.). Then add wifi1 interface as bridge port. Done.
But in this case I'd suggest you to upgrade ROS to latest v6 (long-term channel is at 6.49.13 ATM). The simplest way of doing it would be to add IP setup to device and use System->Packages->Upgrade (after ROS is upgraded, don't forget to upgrade Routerboot as well: System->Routerboot->Upgrade). And the easiest way of adding IP setup is to configure DHCP client on bridge interface. If you're weary to have your switch/AP suddenly visible on your LAN, then you can disable DHCP client after upgrade is done.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
You can use this (default configuration) as a base for the wlan1 settings:
viewtopic.php?t=116259#p575426
Then you need to set something *like*:
But do you have a DHCP server in your network?
viewtopic.php?t=116259#p575426
Then you need to set something *like*:
And add the wlan1 to the bridge./interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=***
But do you have a DHCP server in your network?
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
well right now its currently the main router, I'm hoping to setup a mutiwan router with a vlan that would pass through the current network to all devices!
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
As I already wrote: according to config you posted, this device is a switch, not a router. The other possibility is that you didn't post full config, in which case it's not possible to give you any sound advice.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
no its the config that was exported that's what i downloaded, but how do i reimport the config when its been edited?
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Maybe a good idea would be to reset the router to default configuration, it represents a good base to work on (as opposed of the almost non-existing one you have now).
First thing, try running:
to make sure the script for the default configuration exists.
Then, after making - better be safe than sorry - a backup of your current configuration, you can run:
Check:
https://wiki.mikrotik.com/wiki/Manual:C ... tion_Reset
First thing, try running:
Code: Select all
/system default-configuration printThen, after making - better be safe than sorry - a backup of your current configuration, you can run:
Code: Select all
/system reset-configurationhttps://wiki.mikrotik.com/wiki/Manual:C ... tion_Reset
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
I'd suggest to first upgrade to latest long-term and only later reset to defaults. As far as I remember there were some updates to default config since the ancient version your device is running.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
That would be even better, but I don't think that right now the device has internet connectivity (to the Mikrotik site) so the "right" version needs to be manually downloaded and uploaded to the RB2011.I'd suggest to first upgrade to latest long-term and only later reset to defaults. As far as I remember there were some updates to default config since the ancient version your device is running.
Should be the MIPSBE version.
Which 6.x version would be advised?
6.49.13 Long term?
Or 6.49.15 Stable?
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
So find the firmware 6.49.13 upload to files and do i just click on it and let it install or waht process do i go through?
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Basically you:So find the firmware 6.49.13 upload to files and do i just click on it and let it install or waht process do i go through?
1) get the files from Mikrotik site
2) upload the files to the router
3) reboot the router
The system should find the newly added files and install them.
Check:
https://wiki.mikrotik.com/wiki/Manual:U ... g_RouterOS
Wait for a confirmation by some more expert member on the actual files to download and - later - which of the files in extra are actually needed/advised, see also:
https://wiki.mikrotik.com/wiki/Manual:System/Packages
(there is no need to install packages you won't ever use, maybe you only need the "main" package "routeros-mipsbe-6.49.13.npk" and - you will need to extract it from the .zip file - the "system-6.49.13-mipsbe.npk" but cannot say if those are the files you actually want/need)
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
I suggested the way to get device upgraded in post #5 above. It's the most "fool proof" path, one can't miss with wrong packages/architecture/etc selection.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
i added the wlan to the bridge to see it in the config and forgot to remove it and i added the 6.49.13 file and rebooted, but now i cannot even connect with winbox using the mac address.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Hmm ... I'm affraid you'll have to use reset button method to try to get your device under control again.
I don't remember if wireless package was part of system bundle or not. After you gain access again, check list of packages installed (System -> Packages) and if you don't see wireless, you'll have to download "extras" archive, extract wireless and upload it to your device (followed by reboot). And perform factory reset again to get default wireless setup installed.
I don't remember if wireless package was part of system bundle or not. After you gain access again, check list of packages installed (System -> Packages) and if you don't see wireless, you'll have to download "extras" archive, extract wireless and upload it to your device (followed by reboot). And perform factory reset again to get default wireless setup installed.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Only to make sure.
The device Is detected by Winbox (It Is listed with a MAC) but when you try connecting to It the connection Is refused?
Does this happen with the ethernet cable connected to *any* port?
Particularly, have you tried on ports different from ether1?
The device Is detected by Winbox (It Is listed with a MAC) but when you try connecting to It the connection Is refused?
Does this happen with the ethernet cable connected to *any* port?
Particularly, have you tried on ports different from ether1?
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
yes the cable was connected to port 4 that im using and then i connected it to port 2, then tried port 6. the wifi has internet but it wont connect with the mac adress using winbox, or by setting up a static ip on the lan connection also setting up the wifi with a static ip and trying to go to the 192.168.88.1 address doesnt work.
Last edited by jig36 on Mon Jun 17, 2024 10:00 pm, edited 1 time in total.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
So i reset the config, i was able to login with the 192.168.88.1 and still not with winbox using the mac on the bottom side of the router, when i logged in i realized that it wasnt connecting because the mac address was not the same but one number off! so the software upgraded sucessfully was able to autoupdate to 6.49.15, and then to 7.12.1 then to 7.15.1!
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
It's strange that you have this mismatch between label and device, but the Winbox should detect the "real" MAC of the connected device(s).
Anyway, the main thing is that you managed to reset the router.
Anyway, the main thing is that you managed to reset the router.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Perhaps it's not strange at all: label usually contains MAC address of boot port (ether1), but usual default config is bridging ports from ether2 on ... and bridge MAC is copied from first port (ether2). And default config allows connection from bridge.
Also: @OP mentioned typing in MAC address manually (copying from label), likely meaning that winbox autodetection either wasn't run or it came out without results.
Also: @OP mentioned typing in MAC address manually (copying from label), likely meaning that winbox autodetection either wasn't run or it came out without results.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Yep, it would make sense that the MAC is "off by one" if the one of the label is for ether1 (boot port) and the connection is made with the "next" interface (the bridge with the other ports), I have a very limited experience with Winbox on different devices but I never had (or attempted) to enter manually a MAC address, WInbox always managed to detect the "right" one.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
So I’m having trouble understanding that with the default configuration that it uses wan, so would be the difference of connecting the cable directly to the wan port versus eth1. I do understand that usually you only use the wan port when ur connecting to a modem that doesn’t have router capabilities and you want that to give the connection to different device types and normally when it’s not from a modem you don’t use the wan and connect it to one of the switch ports on a router. With most standard routers you don’t do anything with the wan configuration and only setup the lan.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
The default configuration on most home/office Mikrotik routers is:
ether1 - Wan
other ports (in bridge) - Lan
See AP router:
https://help.mikrotik.com/docs/display/ ... s-APRouter
It Is mostly good for most common setups, and includes a firewall configuration to prevent connection from the WAN side.
While usually there is a modem/router or adapter connected to ether1 on one side and to the "internet" on the other (some devices have ether1 plainly marked as internet), conceptually a Wan device is a "next hop" of the destination route or - if you prefer - It Is a outer/farther device.
If It Is a router there are at least an "inner" subnet and an "outer" subnet that the router allows reaching, if you call the first LAN and the second WAN you might better visualize the standard setup.
But of course you can change *anything* on your device, any port can be *anything*, LAN or WAN, inside or outside bridge, etc.
ether1 - Wan
other ports (in bridge) - Lan
See AP router:
https://help.mikrotik.com/docs/display/ ... s-APRouter
It Is mostly good for most common setups, and includes a firewall configuration to prevent connection from the WAN side.
While usually there is a modem/router or adapter connected to ether1 on one side and to the "internet" on the other (some devices have ether1 plainly marked as internet), conceptually a Wan device is a "next hop" of the destination route or - if you prefer - It Is a outer/farther device.
If It Is a router there are at least an "inner" subnet and an "outer" subnet that the router allows reaching, if you call the first LAN and the second WAN you might better visualize the standard setup.
But of course you can change *anything* on your device, any port can be *anything*, LAN or WAN, inside or outside bridge, etc.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
So with this router being a secondary router, I don’t need the router setup for the wisp option correct and just doing a basic ap router should be fine correct? And then because I’m going to be using a vlan I just need to configure the vlan that’s coming from the switch correct? Because every router and switch after the switch the vlan is setup on need to have the vlan configured?
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Yep, if you have a firewall between the outside (internet) and this device you can get rid of firewall rules, in it's most basic configuration a secondary router has only:
one LAN Port (or one bridge with more physical ports)
one WAN Port
a "forward" route
if not implied and/or automatically generated a "reverse" route
The most basic example:
https://wiki.mikrotik.com/wiki/Manual:S ... ic_Routing
Shows R2 as the secondary router, no need for firewall on It (but It Is NEEDED on R1) and even if both ether1 and ether2 belong in the general scheme to LAN (to two different subnets) if you look at R2 by itself from the point of view of the client PC's connected to It, ether1 Is clearly WAN (outside, farther or North) and ether2 Is clearly LAN (inside, nearer, south).
Properly configuring VLANs Is not exactly straighforward, after you will have studied a bit the matter and done your own tests, you should post your configuration and a diagram of your network and the more expert members will surely be able to advise you.
The only thing you should know before is to NEVER use VLAN1.
one LAN Port (or one bridge with more physical ports)
one WAN Port
a "forward" route
if not implied and/or automatically generated a "reverse" route
The most basic example:
https://wiki.mikrotik.com/wiki/Manual:S ... ic_Routing
Shows R2 as the secondary router, no need for firewall on It (but It Is NEEDED on R1) and even if both ether1 and ether2 belong in the general scheme to LAN (to two different subnets) if you look at R2 by itself from the point of view of the client PC's connected to It, ether1 Is clearly WAN (outside, farther or North) and ether2 Is clearly LAN (inside, nearer, south).
Properly configuring VLANs Is not exactly straighforward, after you will have studied a bit the matter and done your own tests, you should post your configuration and a diagram of your network and the more expert members will surely be able to advise you.
The only thing you should know before is to NEVER use VLAN1.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
I haven’t edited the config yet for the router still at the default state. I have only added a password for the Wi-Fiso far, but this is what the network looks like right now and what I want to make it look like!
You do not have the required permissions to view the files attached to this post.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
I think you are exactly in the case of:
https://help.mikrotik.com/docs/display/ ... +switching
(Other devices without with a built-in switch chip)
Edit: corrected reference
https://help.mikrotik.com/docs/display/ ... +switching
(Other devices without with a built-in switch chip)
Edit: corrected reference
Last edited by jaclaz on Fri Jun 21, 2024 9:01 pm, edited 1 time in total.
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
I used the default config as a basis, what i didn't understand was the mgnt line from the vlan setup. Let me now if theres anything wrong with it!
Code: Select all
#-------------------------------------------------------------------------------
:if ($action = "apply") do={
# wait for interfaces
:local count 0;
:while ([/interface ethernet find] = "") do={
:if ($count = 30) do={
:log warning "DefConf: Unable to find ethernet interfaces";
/quit;
}
:delay 1s; :set count ($count +1);
};
:local count 0;
:while ([/interface wireless print count-only] < 1) do={
:set count ($count +1);
:if ($count = 40) do={
:log warning "DefConf: Unable to find wireless interface(s)";
/ip address add address=172.16.10.13/24 interface=ether1 comment="defconf";
/quit
}
:delay 1s;
};
/interface list add name=WAN comment="defconf"
/interface list add name=LAN comment="defconf"
/interface bridge
add name=bridge disabled=no auto-mac=yes protocol-mode=rstp comment=defconf;
:local bMACIsSet 0;
:foreach k in=[/interface find where !(slave=yes || name="ether1" || passthrough=yes || name="ether1" || name~"bridge")] do={
:local tmpPortName [/interface get $k name];
:if ($bMACIsSet = 0) do={
:if ([/interface get $k type] = "ether") do={
/interface bridge set "bridge" auto-mac=no admin-mac=[/interface get $tmpPortName mac-address];
:set bMACIsSet 1;
}
}
:if (([/interface get $k type] != "ppp-out") && ([/interface get $k type] != "lte")) do={
/interface bridge port
add bridge=bridge interface=$tmpPortName comment=defconf;
}
}
#/ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
/ip dhcp-server
# add name=defconf address-pool="default-dhcp" interface=bridge lease-time=10m disabled=no;
#/ip dhcp-server network
#add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="defconf";
#/ip address add address=192.168.88.1/24 #interface=bridge comment="defconf";
/ip dns {
set allow-remote-requests=yes
static add name=router.lan address=172.16.10.13 comment=defconf
}
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
/interface ethernet switch vlan
add ports=ether1,ether2 switch=switch1 vlan-id=61
add ports=ether1,ether3 switch=switch1 vlan-id=61
add ports=ether1,switch1-cpu switch=switch1 vlan-id=*
/interface vlan
add interface=bridge1 vlan-id=* name=MGMT
/ip address
add address=172.16.10.1/24 interface=MGMT
/interface ethernet switch port
set ether1 vlan-mode=secure vlan-header=add-if-missing
set ether2 vlan-mode=secure vlan-header=always-strip default-vlan-id=61
set ether3 vlan-mode=secure vlan-header=always-strip default-vlan-id=61
set switch1-cpu vlan-header=leave-as-is vlan-mode=secure
/interface wireless {
:local ifcId [/interface wireless find where default-name=wlan1]
:local currentName [/interface wireless get $ifcId name]
set $ifcId mode=ap-bridge band=2ghz-b/g/n disabled=no wireless-protocol=802.11 \
distance=indoors installation=indoor
set $ifcId channel-width=20/40mhz-XX;
set $ifcId frequency=auto
:local wlanMac [/interface wireless get $ifcId mac-address];
:set ssid "MyWi-fi"
set $ifcId ssid=$ssid
#MikroTik-$[:pick $wlanMac 9 11]$[:pick $wlanMac 12 14]$[:pick $wlanMac 15 17]
}
/ip dhcp-client add interface=ether1 disabled=no comment="defconf";
/interface list member add list=LAN interface=bridge comment="defconf"
/interface list member add list=WAN interface=ether1 comment="defconf"
/ip firewall nat add chain=srcnat out-interface-list=WAN ipsec-policy=out,none action=masquerade comment="defconf: masquerade"
/ip firewall {
filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
filter add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)"
filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
filter add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="defconf: drop all from WAN not DSTNATed"
}
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
I am not sure to understand what you are trying to do?
Create a new "default configuration script"?
I would say that if this is the approach you chose it is a very difficult one, surely not something you can succeed at easily (without a lot of experience with RoS).
Usually you start from a set "default configuration" and manually change the settings to your liking, so that you can test results after every change or group of changes.
No idea on why you have a "*" for MGMT vlan, the example provides 99, which is a number as good as anyone else (but not 1).
Create a new "default configuration script"?
I would say that if this is the approach you chose it is a very difficult one, surely not something you can succeed at easily (without a lot of experience with RoS).
Usually you start from a set "default configuration" and manually change the settings to your liking, so that you can test results after every change or group of changes.
No idea on why you have a "*" for MGMT vlan, the example provides 99, which is a number as good as anyone else (but not 1).
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
No I’m not trying to make a default config, I was just trying to use what was there from the default configuration and change it to what I wanted, I’m still struggling with the how the microtok router has a wan configuration and a lan configuration, with most routers when you aren’t connected to the wan port that isn’t setup and you only set up the lan settings since you aren’t connecting to an external IP address if it’s a secondary router.
I had the “*” in the MGMT lines because I wasn’t sure why it was needed, is that for management for the microtik router or what is that for? Also are the lines I changed for the vlan for making a new vlan that starts from microtik router or to just use the a vlan that I already have setup and allowing the microtik router to use the existing vlan?
I had the “*” in the MGMT lines because I wasn’t sure why it was needed, is that for management for the microtik router or what is that for? Also are the lines I changed for the vlan for making a new vlan that starts from microtik router or to just use the a vlan that I already have setup and allowing the microtik router to use the existing vlan?
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
It is intended as management for the router/switch, the VLAN enthusiasts suggest the use of a separate VLAN for increased security and convenience.
The (simpler and even more secure) way is you have a port outside any bridge to which - when you need it - you connect a laptop, of course only if physical access to the router/switch is easy.
I am afraid that you will have to go through the (long but very well written/exhaustive) posts by pcunite:
viewtopic.php?t=143620
to get more insight in possible setups.
Whoosh! (that is the sound advanced VLAN setups make when going well over my head)
The (simpler and even more secure) way is you have a port outside any bridge to which - when you need it - you connect a laptop, of course only if physical access to the router/switch is easy.
I am afraid that you will have to go through the (long but very well written/exhaustive) posts by pcunite:
viewtopic.php?t=143620
to get more insight in possible setups.
Whoosh! (that is the sound advanced VLAN setups make when going well over my head)
Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Well, I realized that the Vlan setup wasnt going to work had equipment that didn't support the option for a Vlan, So I had to go back to the basics then I went through the first time setup. It has not been completly customized yet but here it is. If I did something wrong let me know.
Code: Select all
#
/interface bridge add name=bridge1
/interface bridge port
add interface=ether1 bridge=bridge1
add interface=ether3 bridge=bridge1
add interface=ether4 bridge=bridge1
/interface bridge port add interface=wlan1 bridge=local
/ip address add address=172.16.10.3/24 interface=bridge1
/ip dhcp-client add disable=yes interface=ether1
/interface list add name=LAN
/interface list member add list=LAN
/tool mac-server set allowed-interface-list=LAN
/ip neighbor discovery-settings set discover-interface-list=LAN
/interface wireless security-profiles
add name=myProfile authentication-types=wpa2-psk mode=dynamic-keys \
wpa2-pre-shared-key=1234567890
/interface wireless
set wlan1 band=2ghz-b/g/n channel-width=20/40mhz-Ce
distance=indoors \mode=ap-bridge ssid=
MikroTik-51 wireless-protocol=802.11
/security-profiles=myprofiles frequency-mode=regulatory-domain \set country=united states antenna-gain=3
/interface bridge port add interface=wlan1 bridge=local
/system routerboard settings
set protected-routerboot=disabled
/ip service disable telnet,ftp,www,api
/ip service set ssh port=2200
/ip service set winbox address=172.16.10.3/24
/tool bandwidth-server set enabled=no
/ip dns set allow-remote-requests=no
/lcd set enabled=no
/ip ssh set strong-crypto=yes
/ip proxy set enabled=no
/ip socks set enabled=no
/ip cloud set ddns-enabled=no update-time=no