nearest to PC:
CAP "1" (R403.CAP:EG.FLUR)
# model = cAPGi-5HaxD2HaxD
# serial number = HGD09QMH2N0
# Bridge and Ethernet port definitions for this CAP: a single bridge
# (bridgeLocal) with a pinned admin MAC and RSTP enabled.
# NOTE(review): vlan-filtering=no, dhcp-snooping=no and igmp-snooping=no mean
# the bridge forwards frames between its members without any L2 filtering.
# Everything attached to this bridge shares one flat segment with the uplink.
/interface bridge
add admin-mac=D4:01:C3:97:B1:04 ageing-time=5m arp=enabled arp-timeout=auto \
auto-mac=no comment=defconf dhcp-snooping=no disabled=no fast-forward=yes \
forward-delay=15s igmp-snooping=no max-learned-entries=auto \
max-message-age=20s mtu=auto mvrp=no name=bridgeLocal port-cost-mode=long \
priority=0x8000 protocol-mode=rstp transmit-hold-count=6 vlan-filtering=no
/interface ethernet
# ether1: auto-negotiating copper port, loop-protect left at its default.
set [ find default-name=ether1 ] advertise="10M-baseT-half,10M-baseT-full,100M-b\
aseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full" arp=enabled \
arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no l2mtu=1568 loop-protect=default loop-protect-disable-time=5m \
loop-protect-send-interval=5s mac-address=D4:01:C3:97:B1:04 mtu=1500 name=\
ether1 orig-mac-address=D4:01:C3:97:B1:04 rx-flow-control=off \
tx-flow-control=off
# ether2: same link settings as ether1, plus PoE output (poe-out=auto-on).
# NOTE(review): ether2 is also a bridgeLocal member (see /interface bridge
# port), so whatever is plugged into or powered from this port sits on the
# same L2 segment as the uplink. Disable the port if it is unused.
set [ find default-name=ether2 ] advertise="10M-baseT-half,10M-baseT-full,100M-b\
aseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full" arp=enabled \
arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no l2mtu=1568 loop-protect=default loop-protect-disable-time=5m \
loop-protect-send-interval=5s mac-address=D4:01:C3:97:B1:05 mtu=1500 name=\
ether2 orig-mac-address=D4:01:C3:97:B1:05 poe-out=auto-on poe-priority=10 \
power-cycle-interval=none !power-cycle-ping-address \
power-cycle-ping-enabled=no !power-cycle-ping-timeout rx-flow-control=off \
tx-flow-control=off
# Queue, switch-chip, interface-list, LTE APN and MACsec entries as reported
# by the verbose export.
/queue interface
set bridgeLocal queue=no-queue
/interface ethernet switch
# No port mirroring is configured (mirror-source=none, mirror-target=none).
set 0 !cpu-flow-control mirror-source=none mirror-target=none name=switch1
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
/interface ethernet switch port-isolation
# forwarding-override is unset on all three switch ports, so no port
# isolation is applied at the switch chip.
set 0 !forwarding-override
set 1 !forwarding-override
set 2 !forwarding-override
/interface list
# Only the four built-in lists exist. There is no dedicated management or
# LAN/WAN list that services or discovery could be restricted to.
set [ find name=all ] comment="contains all interfaces" exclude="" include="" \
name=all
set [ find name=none ] comment="contains no interfaces" exclude="" include="" \
name=none
set [ find name=dynamic ] comment="contains dynamic interfaces" exclude="" \
include="" name=dynamic
set [ find name=static ] comment="contains static interfaces" exclude="" \
include="" name=static
/interface lte apn
# Default APN template. No /interface lte entry appears for this device in
# the export, so this template looks unused here.
set [ find default=yes ] add-default-route=yes apn=internet authentication=none \
default-route-distance=2 ip-type=auto name=default use-network-apn=yes \
use-peer-dns=yes
/interface macsec profile
set [ find default-name=default ] name=default server-priority=10
# Wireless side of the CAP: one datapath (capdp) that attaches radio traffic
# to bridgeLocal, and two radios whose configuration is delegated to CAPsMAN
# (configuration.manager=capsman).
# NOTE(review): because the radios are controller-managed, SSIDs, passphrases
# and security settings are not visible in this export. The wireless security
# posture has to be reviewed on the CAPsMAN controller.
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi
# managed by CAPsMAN
set [ find default-name=wifi1 ] arp-timeout=auto configuration.manager=capsman \
datapath=capdp disabled=no l2mtu=1560 mac-address=D4:01:C3:97:B1:06 name=\
wifi1 radio-mac=D4:01:C3:97:B1:06
# managed by CAPsMAN
set [ find default-name=wifi2 ] arp-timeout=auto configuration.manager=capsman \
datapath=capdp disabled=no l2mtu=1560 mac-address=D4:01:C3:97:B1:07 name=\
wifi2 radio-mac=D4:01:C3:97:B1:07
# Built-in DHCP client options and the default hotspot profiles.
/ip dhcp-client option
# Option 61 (client id, DUID or MAC form) and option 12 (hostname). These are
# the values the device can announce about itself to a DHCP server.
set clientid_duid code=61 name=clientid_duid value="0xff\$(CLIENT_DUID)"
set clientid code=61 name=clientid value="0x01\$(CLIENT_MAC)"
set hostname code=12 name=hostname value="\$(HOSTNAME)"
/ip hotspot profile
# Default hotspot profile only; no /ip hotspot server entry appears in this
# export, so the profile looks unused on this device.
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
hotspot html-directory-override="" http-cookie-lifetime=3d http-proxy=\
0.0.0.0:0 install-hotspot-queue=no login-by=cookie,http-chap name=default \
smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=yes address-list="" idle-timeout=none \
!insert-queue-before keepalive-timeout=2m mac-cookie-timeout=3d name=\
default !parent-queue !queue-type shared-users=1 status-autorefresh=1m \
transparent-proxy=no
# Built-in IPsec defaults (mode-config, policy group, phase-1 profile and
# phase-2 proposal).
# NOTE(review): the defaults still offer modp1024, 3des and sha1, and the
# proposal uses pfs-group=modp1024. No /ip ipsec peer or identity appears in
# this export, so they look unused. If IPsec is ever configured on this
# device, define a dedicated profile and proposal with stronger algorithms
# rather than relying on these entries.
/ip ipsec mode-config
set [ find default=yes ] name=request-only responder=no use-responder-dns=\
exclusively
/ip ipsec policy group
set [ find default=yes ] name=default
/ip ipsec profile
set [ find default=yes ] dh-group=modp2048,modp1024 dpd-interval=8s \
dpd-maximum-failures=4 enc-algorithm=aes-128,3des hash-algorithm=sha1 \
lifetime=1d name=default nat-traversal=yes proposal-check=obey
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=\
aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m name=default pfs-group=\
modp1024
# Default SMB user and the two built-in PPP profiles.
/ip smb users
# The built-in guest account is enabled (disabled=no) but read-only.
# Whether it is reachable depends on the /ip smb and /ip smb shares state.
set [ find default=yes ] disabled=no name=guest read-only=yes
/ppp profile
# "default" leaves encryption at use-encryption=default, while
# "default-encryption" sets use-encryption=yes. The PPP-based servers in this
# export are all disabled, so neither profile is exercised here.
set *0 address-list="" !bridge !bridge-horizon bridge-learning=default \
!bridge-path-cost !bridge-port-priority change-tcp-mss=yes !dns-server \
!idle-timeout !incoming-filter !insert-queue-before !interface-list \
!local-address name=default on-down="" on-up="" only-one=default \
!outgoing-filter !parent-queue !queue-type !rate-limit !remote-address \
!session-timeout use-compression=default use-encryption=default use-ipv6=\
yes use-mpls=default use-upnp=default !wins-server
set *FFFFFFFE address-list="" !bridge !bridge-horizon bridge-learning=default \
!bridge-path-cost !bridge-port-priority change-tcp-mss=yes !dns-server \
!idle-timeout !incoming-filter !insert-queue-before !interface-list \
!local-address name=default-encryption on-down="" on-up="" only-one=default \
!outgoing-filter !parent-queue !queue-type !rate-limit !remote-address \
!session-timeout use-compression=default use-encryption=yes use-ipv6=yes \
use-mpls=default use-upnp=default !wins-server
# Built-in queue types, the per-interface queue assignment and the default
# BGP template. Nothing here is security-relevant by itself.
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=pcq name=pcq-upload-default pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=\
32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
set 6 kind=pcq name=pcq-download-default pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=\
32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
set 7 kind=none name=only-hardware-queue
set 8 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 9 kind=pfifo name=default-small pfifo-limit=10
/queue interface
# Ethernet ports use the hardware queue only; the radios use wireless-default.
set ether1 queue=only-hardware-queue
set ether2 queue=only-hardware-queue
# managed by CAPsMAN
set wifi1 queue=wireless-default
# managed by CAPsMAN
set wifi2 queue=wireless-default
/routing bgp template
# Default template with a private AS number; no BGP connection is defined in
# this export.
set default as=65530 name=default
# SNMP community and log-action definitions.
/snmp community
# NOTE(review): the well-known "public" community is present with
# security=none and addresses=::/0 (no source restriction). It is read-only
# and the agent itself is off (/snmp enabled=no further down), so it is
# dormant. Rename or restrict the community before SNMP is ever enabled.
set [ find default=yes ] addresses=::/0 authentication-protocol=MD5 disabled=no \
encryption-protocol=DES name=public read-access=yes security=none \
write-access=no
/system logging action
# Four built-in targets: memory (1000 lines), disk (2 files x 1000 lines),
# echo, and remote. The remote target points at 0.0.0.0, i.e. no syslog
# collector is configured.
set 0 memory-lines=1000 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=1000 \
disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote=0.0.0.0 remote-port=514 src-address=\
0.0.0.0 syslog-facility=daemon syslog-severity=auto syslog-time-format=\
bsd-syslog target=remote
# User groups plus certificate, console, disk and SMB service settings.
/user group
# NOTE(review): these are the three built-in groups. "read" is not a harmless
# view-only role: its policy includes reboot, sniff, sensitive and password
# in addition to read. Create a narrower custom group for monitoring
# accounts. User accounts themselves are not listed in this export, so
# whether the admin account has a password cannot be seen here.
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,web\
,sniff,sensitive,api,romon,rest-api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pass\
word,web,sniff,sensitive,api,romon,rest-api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,wi\
nbox,password,web,sniff,sensitive,api,romon,rest-api" skin=default
/certificate settings
# CRL download and CRL checking are both off (crl-download=no, crl-use=no).
set crl-download=no crl-store=ram crl-use=no
/console settings
set sanitize-names=no
/disk settings
# Automatic media and SMB sharing of attached disks is off.
set auto-media-interface=none auto-media-sharing=no auto-smb-sharing=no \
auto-smb-user=guest
/ip smb
# NOTE(review): enabled=auto with interfaces=all. Presumably the service
# only starts once a share is enabled (the only share, pub, is disabled
# further down); confirm, and set enabled=no if SMB is not needed on an
# access point.
set comment=MikrotikSMB domain=MSHOME enabled=auto interfaces=all
# Bridge membership and bridge-wide settings: ether1 and ether2 are both
# hardware-offloaded members of bridgeLocal with pvid=1.
# NOTE(review): bpdu-guard=no and edge=auto on both ports, so either port
# accepts BPDUs and can take part in spanning tree. On a port facing end
# devices, bpdu-guard=yes is the usual protection. frame-types=admit-all and
# ingress-filtering only have an effect once vlan-filtering is enabled on the
# bridge, which it is not. trusted=no is likewise inert while dhcp-snooping
# is off.
/interface bridge port
add auto-isolate=no bpdu-guard=no bridge=bridgeLocal broadcast-flood=yes \
comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all \
horizon=none hw=yes ingress-filtering=yes interface=ether1 \
!internal-path-cost learn=auto multicast-router=temporary-query \
mvrp-applicant-state=normal-participant mvrp-registrar-state=normal \
!path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no \
restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes \
unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridgeLocal broadcast-flood=yes \
comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all \
horizon=none hw=yes ingress-filtering=yes interface=ether2 \
!internal-path-cost learn=auto multicast-router=temporary-query \
mvrp-applicant-state=normal-participant mvrp-registrar-state=normal \
!path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no \
restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes \
unknown-unicast-flood=yes
/interface bridge port-controller
# disabled
set bridge=none cascade-ports="" switch=none
/interface bridge port-extender
# disabled
set control-ports="" excluded-ports="" switch=none
/interface bridge settings
# use-ip-firewall=no: bridged traffic is not passed through the IP firewall,
# so traffic between bridge members is not filtered at L3 on this device.
set allow-fast-path=yes use-ip-firewall=no use-ip-firewall-for-pppoe=no \
use-ip-firewall-for-vlan=no
# Connection tracking, neighbour discovery and global IPv4/IPv6 stack
# settings.
# NOTE(review): no /ip firewall filter, nat or raw rules appear anywhere in
# this device's export, so nothing on the device itself limits who can reach
# its management services. Protection then depends entirely on the network it
# is attached to.
/ip firewall connection tracking
# enabled=auto: per MikroTik's documentation tracking only becomes active
# once firewall rules exist - confirm on the device.
set enabled=auto generic-timeout=10m icmp-timeout=10s loose-tcp-tracking=yes \
tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-max-retrans-timeout=\
5m tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s \
tcp-time-wait-timeout=10s tcp-unacked-timeout=5m udp-stream-timeout=3m \
udp-timeout=30s
/ip neighbor discovery-settings
# NOTE(review): CDP, LLDP and MNDP are sent and received (mode=tx-and-rx) on
# every interface in the "static" list. The device therefore announces
# itself to every L2 neighbour. Restrict discover-interface-list to a
# management list, or to none, if discovery is not needed.
set discover-interface-list=static discover-interval=30s lldp-mac-phy-config=no \
lldp-max-frame-size=no lldp-med-net-policy-vlan=disabled lldp-poe-power=yes \
lldp-vlan-info=no mode=tx-and-rx protocol=cdp,lldp,mndp
/ip settings
# Redirects and source routing are not accepted. rp-filter=no and
# tcp-syncookies=no leave reverse-path filtering and SYN-cookie protection
# off. ip-forward=yes means the device routes between its IP interfaces.
set accept-redirects=no accept-source-route=no allow-fast-path=yes arp-timeout=\
30s icmp-rate-limit=10 icmp-rate-mask=0x1818 ip-forward=yes \
ipv4-multipath-hash-policy=l3 max-neighbor-entries=16384 rp-filter=no \
secure-redirects=yes send-redirects=yes tcp-syncookies=no
/ipv6 settings
# NOTE(review): IPv6 is enabled (disable-ipv6=no) and forwarding is on. No
# IPv6 firewall rules appear in this export, so services that listen on IPv6
# are reachable over it unfiltered. Set disable-ipv6=yes if IPv6 is not used.
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=\
yes-if-forwarding-disabled disable-ipv6=no forward=yes \
max-neighbor-entries=14336 multipath-hash-policy=l3
/interface detect-internet
# Detect-internet is off for all interface lists.
set detect-interface-list=none internet-interface-list=none lan-interface-list=\
none wan-interface-list=none
# VPN server defaults (L2TP, OpenVPN, PPTP, SSTP) and the CAP/CAPsMAN role.
# All four VPN servers are disabled (enabled=no).
# NOTE(review): the stored defaults are weak and would take effect unchanged
# if a server were simply switched on: L2TP and SSTP accept pap, chap and
# mschap1, L2TP has use-ipsec=no, OpenVPN offers md5 and blowfish128 with
# require-client-certificate=no, SSTP has certificate=none and pfs=no, and
# tls-version=any is set throughout. Tighten these before enabling any of
# the servers.
/interface l2tp-server server
set accept-proto-version=all accept-pseudowire-type=all allow-fast-path=no \
authentication=pap,chap,mschap1,mschap2 caller-id-type=ip-address \
default-profile=default-encryption enabled=no keepalive-timeout=30 \
l2tpv3-circuit-id="" l2tpv3-cookie-length=0 l2tpv3-digest-hash=md5 \
!l2tpv3-ether-interface-list max-mru=1450 max-mtu=1450 max-sessions=\
unlimited mrru=disabled one-session-per-host=no use-ipsec=no
/interface lte settings
set firmware-path=firmware mode=auto
/interface ovpn-server server
set auth=sha1,md5,sha256,sha512 certificate=*0 cipher=blowfish128,aes128-cbc \
default-profile=default enable-tun-ipv6=no enabled=no ipv6-prefix-len=64 \
keepalive-timeout=60 mac-address=FE:BD:2E:66:9A:B3 max-mtu=1500 mode=ip \
netmask=24 port=1194 protocol=tcp push-routes="" redirect-gateway=disabled \
reneg-sec=3600 require-client-certificate=no tls-version=any \
tun-server-ipv6=::
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN
protocol instead
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=\
no keepalive-timeout=30 max-mru=1450 max-mtu=1450 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none ciphers=\
aes256-sha,aes256-gcm-sha384 default-profile=default enabled=no \
keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=disabled pfs=no port=\
443 tls-version=any verify-client-certificate=no
/interface wifi cap
# NOTE(review): CAP mode is enabled and looks for a controller on
# bridgeLocal. No certificate, controller address or lock setting appears in
# this export, so the CAP presumably accepts whichever CAPsMAN answers
# discovery on that segment. Confirm, and pin the controller (certificates
# or a fixed CAPsMAN address) if the segment is not fully trusted.
set discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp
/interface wifi capsman
# This device is not itself a controller.
set enabled=no
# Cloud, DHCP client, DHCP server accounting and DNS resolver settings.
/ip cloud
# DDNS is disabled and Back-to-Home VPN is revoked. update-time=yes still
# lets the cloud service set the clock - presumably the only time source,
# since the NTP client is disabled further down; confirm.
set back-to-home-vpn=revoked-and-disabled ddns-enabled=no ddns-update-interval=\
none update-time=yes
/ip cloud advanced
set use-local-address=no
/ip dhcp-client
# NOTE(review): the management address, default route, DNS servers and NTP
# servers are all taken from whichever DHCP server answers on bridgeLocal
# (add-default-route, use-peer-dns and use-peer-ntp are all yes). With
# dhcp-snooping off on the bridge, a rogue DHCP server on the segment could
# supply these values. A static address or a DHCP reservation plus snooping
# on the upstream switch limits that exposure.
add add-default-route=yes comment=defconf default-route-distance=1 \
dhcp-options=hostname,clientid disabled=no interface=bridgeLocal \
use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set accounting=yes interim-update=0s radius-password=empty store-leases-disk=5m
/ip dns
# allow-remote-requests=no: the device does not answer DNS queries from the
# network. verify-doh-cert=no has no effect while use-doh-server is empty,
# but should be set to yes if DoH is ever configured.
set address-list-extra-time=0s allow-remote-requests=no cache-max-ttl=1w \
cache-size=2048KiB doh-max-concurrent-queries=50 \
doh-max-server-connections=5 doh-timeout=5s max-concurrent-queries=100 \
max-concurrent-tcp-sessions=20 max-udp-packet-size=4096 mdns-repeat-ifaces=\
"" query-server-timeout=2s query-total-timeout=10s servers="" \
use-doh-server="" verify-doh-cert=no vrf=main
# Firewall connection helpers, hotspot leftovers, the IPsec policy template,
# and the NAT-PMP and web-proxy switches.
/ip firewall service-port
# Protocol helpers for ftp, tftp, h323, sip, pptp, udplite, dccp and sctp are
# enabled; irc and rtsp are disabled. They act on tracked connections only,
# and no firewall rules are present in this export.
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=yes ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes sip-timeout=1h
set pptp disabled=no
set rtsp disabled=yes ports=554
set udplite disabled=no
set dccp disabled=no
set sctp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
set [ find default=yes ] comment="counters and limits for trial users" \
disabled=no name=default-trial
/ip ipsec policy
# Built-in policy template (template=yes), not an active policy.
set 0 disabled=no dst-address=::/0 group=default proposal=default protocol=all \
src-address=::/0 template=yes
/ip ipsec settings
set accounting=yes interim-update=0s xauth-use-radius=no
/ip media settings
set thumbnails=""
/ip nat-pmp
# NAT-PMP is off.
set enabled=no
/ip proxy
# The web proxy is off (enabled=no), so the port 8080 listener is not active.
set always-from-cache=no anonymous=no cache-administrator=webmaster \
cache-hit-dscp=4 cache-on-disk=no cache-path=web-proxy enabled=no \
max-cache-object-size=2048KiB max-cache-size=unlimited \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
parent-proxy=:: parent-proxy-port=0 port=8080 serialize-connections=no \
src-address=::
# Management services, the SMB share, the SOCKS proxy and the SSH server.
# NOTE(review): this is the main exposure in the export. telnet, ftp, www
# (HTTP), ssh, api, winbox and api-ssl are all enabled (disabled=no), and
# address="" puts no source-address restriction on any of them. telnet, ftp,
# www and api carry credentials without encryption. With no firewall rules
# in this export, every host that can reach the device's IP can reach these
# listeners. Disable the services that are not used and set address= to the
# management subnet on the ones that remain.
/ip service
set telnet address="" disabled=no max-sessions=20 port=23 vrf=main
set ftp address="" disabled=no max-sessions=20 port=21
set www address="" disabled=no max-sessions=20 port=80 vrf=main
set ssh address="" disabled=no max-sessions=20 port=22 vrf=main
# www-ssl is the only management service that is disabled.
set www-ssl address="" certificate=none disabled=yes max-sessions=20 port=443 \
tls-version=any vrf=main
set api address="" disabled=no max-sessions=20 port=8728 vrf=main
set winbox address="" disabled=no max-sessions=20 port=8291 vrf=main
# NOTE(review): api-ssl is enabled with certificate=none and tls-version=any.
# Without a certificate a client cannot authenticate the device, so the TLS
# layer does not protect against interception. Disable it, or assign a
# certificate and restrict the TLS version.
set api-ssl address="" certificate=none disabled=no max-sessions=20 port=8729 \
tls-version=any vrf=main
/ip smb shares
# The default "pub" share is disabled. Its stored settings (read-only=no,
# require-encryption=no) would apply if it were enabled.
set [ find default=yes ] directory=pub disabled=yes invalid-users="" name=pub \
read-only=no require-encryption=no valid-users=""
/ip socks
# The SOCKS proxy is off. Its stored settings are auth-method=none, version 4.
set auth-method=none connection-idle-timeout=2m enabled=no max-connections=200 \
port=1080 version=4 vrf=main
/ip ssh
# NOTE(review): strong-crypto=no leaves the weaker SSH algorithm set
# available, and the host key is RSA 2048. Hardening guidance for RouterOS is
# strong-crypto=yes. forwarding-enabled=no and allow-none-crypto=no are
# already the restrictive values.
set allow-none-crypto=no always-allow-password-login=no forwarding-enabled=no \
host-key-size=2048 host-key-type=rsa strong-crypto=no
# TFTP, traffic-flow export, UPnP, IPv6 neighbour discovery, MPLS, PPP AAA,
# RADIUS, IGMP proxy, routing and SNMP agent settings.
/ip tftp settings
set max-block-size=4096
/ip traffic-flow
# Flow export is off (enabled=no). The ipfix field list below is inert.
set active-flow-timeout=30m cache-entries=256k enabled=no \
inactive-flow-timeout=15s interfaces=all packet-sampling=no \
sampling-interval=0 sampling-space=0
/ip traffic-flow ipfix
set bytes=yes dst-address=yes dst-address-mask=yes dst-mac-address=yes \
dst-port=yes first-forwarded=yes gateway=yes icmp-code=yes icmp-type=yes \
igmp-type=yes in-interface=yes ip-header-length=yes ip-total-length=yes \
ipv6-flow-label=yes is-multicast=yes last-forwarded=yes nat-dst-address=yes \
nat-dst-port=yes nat-events=no nat-src-address=yes nat-src-port=yes \
out-interface=yes packets=yes protocol=yes src-address=yes \
src-address-mask=yes src-mac-address=yes src-port=yes sys-init-time=yes \
tcp-ack-num=yes tcp-flags=yes tcp-seq-num=yes tcp-window-size=yes tos=yes \
ttl=yes udp-length=yes
/ip upnp
# UPnP is off.
set allow-disable-external-interface=no enabled=no show-dummy-rule=yes
/ipv6 nd
# Default neighbour-discovery entry, applied to interface=all and not
# disabled.
set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes disabled=\
no hop-limit=unspecified interface=all managed-address-configuration=no \
mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m \
ra-lifetime=30m ra-preference=medium reachable-time=unspecified \
retransmit-interval=unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/mpls settings
set allow-fast-path=yes dynamic-label-range=16-1048575 propagate-ttl=yes
/ppp aaa
# PPP authentication does not use RADIUS.
set accounting=yes enable-ipv6-accounting=no interim-update=0s \
use-circuit-id-in-nas-port-id=no use-radius=no
/radius incoming
# Incoming RADIUS requests are not accepted.
set accept=no port=3799 vrf=main
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing settings
set single-process=no
/snmp
# The SNMP agent is off (enabled=no). trap-community=public and
# trap-version=1 are the stored values and should be changed before SNMP is
# enabled.
set contact="" enabled=no engine-id-suffix="" location="" src-address=:: \
trap-community=public trap-generators=temp-exception trap-target="" \
trap-version=1 vrf=main
# Clock, identity, LEDs, logging rules, login note, NTP and update channel.
/system clock
set time-zone-autodetect=yes time-zone-name=Europe/Vienna
/system clock manual
set dst-delta=+00:00 dst-end="1970-01-01 00:00:00" dst-start=\
"1970-01-01 00:00:00" time-zone=+00:00
/system identity
# The identity is also what the neighbour-discovery protocols announce.
set name=R403.CAP:EG.FLUR
/system leds
set 0 disabled=no leds=poe-led type=poe-out
/system leds settings
set all-leds-off=never
/system logging
# NOTE(review): info, error and warning go to the in-memory buffer only, and
# critical goes to echo. Nothing is written to disk or sent to a remote
# syslog target, so the log is limited to the memory buffer and does not
# survive a reboot. Add a rule with action=remote to a collector if login
# and configuration-change events need to be retained.
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-cli-login=no show-at-login=no
/system ntp client
# NOTE(review): the NTP client is disabled and has no servers. Accurate time
# matters for log correlation and certificate validation; confirm what sets
# the clock on this device.
set enabled=no mode=unicast servers="" vrf=main
/system ntp server
# The NTP server is off.
set auth-key=none broadcast=no broadcast-addresses="" enabled=no \
local-clock-stratum=5 manycast=no multicast=no use-local-clock=no vrf=main
/system package update
# Updates follow the long-term channel. The export does not show which
# RouterOS version is installed.
set channel=long-term
# IRQ-to-CPU assignment: all 49 IRQ entries (0-48) are left on cpu=auto, and
# receive packet steering is disabled on both Ethernet ports. Performance
# tuning only; nothing security-relevant.
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
set 4 cpu=auto
set 5 cpu=auto
set 6 cpu=auto
set 7 cpu=auto
set 8 cpu=auto
set 9 cpu=auto
set 10 cpu=auto
set 11 cpu=auto
set 12 cpu=auto
set 13 cpu=auto
set 14 cpu=auto
set 15 cpu=auto
set 16 cpu=auto
set 17 cpu=auto
set 18 cpu=auto
set 19 cpu=auto
set 20 cpu=auto
set 21 cpu=auto
set 22 cpu=auto
set 23 cpu=auto
set 24 cpu=auto
set 25 cpu=auto
set 26 cpu=auto
set 27 cpu=auto
set 28 cpu=auto
set 29 cpu=auto
set 30 cpu=auto
set 31 cpu=auto
set 32 cpu=auto
set 33 cpu=auto
set 34 cpu=auto
set 35 cpu=auto
set 36 cpu=auto
set 37 cpu=auto
set 38 cpu=auto
set 39 cpu=auto
set 40 cpu=auto
set 41 cpu=auto
set 42 cpu=auto
set 43 cpu=auto
set 44 cpu=auto
set 45 cpu=auto
set 46 cpu=auto
set 47 cpu=auto
set 48 cpu=auto
/system resource irq rps
set ether1 disabled=yes
set ether2 disabled=yes
# USB, RouterBOARD boot/button settings, upgrade mirror and watchdog.
/system resource usb settings
set authorization=no
/system routerboard mode-button
# No script is bound to the mode or reset button (enabled=no, on-event="").
set enabled=no hold-time=0s..1m on-event=""
/system routerboard reset-button
set enabled=no hold-time=0s..1m on-event=""
/system routerboard settings
# NOTE(review): protected-routerboot=disabled, and boot-device falls back to
# Ethernet (bootp) if NAND boot fails. Anyone with physical access to the
# device can presumably reset or reinstall it. For an AP mounted in a
# publicly reachable spot (hallway, balcony), consider whether protected
# RouterBOOT is appropriate. auto-upgrade=no means RouterBOOT firmware is
# not upgraded automatically with RouterOS.
set auto-upgrade=no boot-device=nand-if-fail-then-ethernet boot-protocol=bootp \
force-backup-booter=no preboot-etherboot=disabled preboot-etherboot-server=\
any protected-routerboot=disabled reformat-hold-button=20s \
reformat-hold-button-max=10m silent-boot=no
/system upgrade mirror
# The upgrade mirror is off.
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
0.0.0.0 user=""
/system watchdog
# The hardware watchdog is on. A supout file is generated automatically
# after a crash but not sent anywhere (auto-send-supout=no).
set auto-send-supout=no automatic-supout=yes ping-start-after-boot=5m \
ping-timeout=1m watch-address=none watchdog-timer=yes
# Diagnostic and helper tools: bandwidth-test server, e-mail, graphing, MAC
# server, RoMON, SMS, sniffer and traffic generator.
/tool bandwidth-server
# NOTE(review): the bandwidth-test server is enabled. authenticate=yes
# requires a login, but it is one more listener exposed to the network.
# Disable it when no test is in progress.
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=100
/tool e-mail
# E-mail is unconfigured (server=0.0.0.0). tls=no is the stored value and
# should be changed if mail sending is ever set up.
set from=<> port=25 server=0.0.0.0 tls=no user="" vrf=main
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
# NOTE(review): MAC-Telnet and MAC-WinBox are allowed on every interface
# (allowed-interface-list=all) and MAC ping is enabled. These give layer-2
# management access that does not depend on IP addressing or the IP
# firewall. Restrict both lists to a management interface list, or to none.
set allowed-interface-list=all
/tool mac-server mac-winbox
set allowed-interface-list=all
/tool mac-server ping
set enabled=yes
/tool romon
# RoMON is off.
set enabled=no id=00:00:00:00:00:00
/tool romon port
set [ find default=yes ] cost=100 disabled=no forbid=no interface=all
/tool sms
# SMS reception is off and no port is assigned.
set allowed-number="" channel=0 polling=no port=none receive-enabled=no \
sms-storage=sim
/tool sniffer
# No capture file, filter or streaming target is configured
# (streaming-enabled=no).
set file-limit=1000KiB file-name="" filter-cpu="" filter-direction=any \
filter-dst-ip-address="" filter-dst-ipv6-address="" filter-dst-mac-address=\
"" filter-dst-port="" filter-interface="" filter-ip-address="" \
filter-ip-protocol="" filter-ipv6-address="" filter-mac-address="" \
filter-mac-protocol="" filter-operator-between-entries=or filter-port="" \
filter-size="" filter-src-ip-address="" filter-src-ipv6-address="" \
filter-src-mac-address="" filter-src-port="" filter-stream=no filter-vlan=\
"" memory-limit=100KiB memory-scroll=yes only-headers=no quick-rows=20 \
quick-show-frame=no streaming-enabled=no streaming-server=0.0.0.0:37008
/tool traffic-generator
set latency-distribution-max=100us measure-out-of-order=no \
stats-samples-to-keep=100 test-id=0
# Router-user authentication settings.
/user aaa
# Logins are checked against the local user database only (use-radius=no).
set accounting=yes default-group=read exclude-groups="" interim-update=0s \
use-radius=no
/user settings
# NOTE(review): minimum-password-length=0 and minimum-categories=0 mean no
# password policy is enforced, so empty or trivial passwords are accepted.
# With telnet, ftp, www, api and winbox enabled and unrestricted in
# /ip service, set a minimum length and category count here and verify that
# every account has a strong password.
set minimum-categories=0 minimum-password-length=0
CAP "2" (R403.CAP:OG.BALKON)
# model = RBwAPGR-5HacD2HnD
# serial number = B7380B589768
# Second CAP: bridge and Ethernet port definitions. A single bridge
# (bridgeLocal) with a pinned admin MAC and RSTP enabled.
# NOTE(review): vlan-filtering=no, dhcp-snooping=no and igmp-snooping=no mean
# the bridge forwards frames between its members without any L2 filtering.
# Everything attached to it shares one flat segment with the uplink.
/interface bridge
add admin-mac=C4:AD:34:58:8A:AA ageing-time=5m arp=enabled arp-timeout=auto auto-mac=no comment=defconf dhcp-snooping=no disabled=no \
fast-forward=yes forward-delay=15s igmp-snooping=no max-learned-entries=auto max-message-age=20s mtu=auto mvrp=no name=bridgeLocal \
port-cost-mode=long priority=0x8000 protocol-mode=rstp transmit-hold-count=6 vlan-filtering=no
/interface ethernet
# ether1 and ether2 share identical auto-negotiating link settings. No
# PoE-out properties are listed for this model.
set [ find default-name=ether1 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=\
enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1598 loop-protect=default \
loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=C4:AD:34:58:8A:AA mtu=1500 name=ether1 orig-mac-address=\
C4:AD:34:58:8A:AA rx-flow-control=off tx-flow-control=off
set [ find default-name=ether2 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=\
enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1598 loop-protect=default \
loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=C4:AD:34:58:8A:AB mtu=1500 name=ether2 orig-mac-address=\
C4:AD:34:58:8A:AB rx-flow-control=off tx-flow-control=off
# Queue, switch-chip, interface-list, LTE and MACsec entries for the second
# CAP.
/queue interface
set bridgeLocal queue=no-queue
/interface ethernet switch
# No port mirroring is configured (mirror-source=none, mirror-target=none).
set 0 cpu-flow-control=yes mirror-source=none mirror-target=none name=switch1
/interface ethernet switch port
# Switch-chip VLAN handling is off on all ports (vlan-mode=disabled).
set 0 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
set 1 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
set 2 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
/interface ethernet switch port-isolation
set 0 !forwarding-override
set 1 !forwarding-override
set 2 !forwarding-override
/interface list
# Only the four built-in lists exist. There is no dedicated management or
# LAN/WAN list that services or discovery could be restricted to.
set [ find name=all ] comment="contains all interfaces" exclude="" include="" name=all
set [ find name=none ] comment="contains no interfaces" exclude="" include="" name=none
set [ find name=dynamic ] comment="contains dynamic interfaces" exclude="" include="" name=dynamic
set [ find name=static ] comment="contains static interfaces" exclude="" include="" name=static
/interface lte apn
# The default APN profile installs a default route (distance 2) and accepts
# the carrier's DNS servers.
set [ find default=yes ] add-default-route=yes apn=internet authentication=none default-route-distance=2 ip-type=auto name=default \
use-network-apn=yes use-peer-dns=yes
/interface lte
# NOTE(review): unlike the first CAP, this device has an LTE modem and lte1
# is enabled (disabled=no) with the default APN profile. If a SIM is
# inserted, the AP gains a second, carrier-facing IP interface outside
# bridgeLocal while ip-forward=yes is set in /ip settings. The visible part
# of this export shows no firewall rules. Disable lte1 if it is not used as
# an uplink; if it is, add input and forward filtering for it.
set [ find default-name=lte1 ] allow-roaming=no apn-profiles=default band="" disabled=no !modem-init mtu=1500 name=lte1 network-mode=\
gsm,3g,lte sms-protocol=auto sms-read=no
/queue interface
set lte1 queue=no-queue
/interface macsec profile
set [ find default-name=default ] name=default server-priority=10
# Wireless side of the second CAP: one datapath (capdp) that attaches radio
# traffic to bridgeLocal, and two radios whose configuration is delegated to
# CAPsMAN (configuration.manager=capsman).
# NOTE(review): SSIDs, passphrases and security settings are not visible in
# this export, so they have to be reviewed on the CAPsMAN controller.
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi
# managed by CAPsMAN
set [ find default-name=wifi1 ] arp-timeout=auto configuration.manager=capsman datapath=capdp disabled=no l2mtu=1560 mac-address=\
C4:AD:34:58:8A:AC name=wifi1 radio-mac=C4:AD:34:58:8A:AC
# managed by CAPsMAN
set [ find default-name=wifi2 ] arp-timeout=auto configuration.manager=capsman datapath=capdp disabled=no l2mtu=1560 mac-address=\
C4:AD:34:58:8A:AD name=wifi2 radio-mac=C4:AD:34:58:8A:AD
# Built-in DHCP client options and the default hotspot profiles.
/ip dhcp-client option
# Option 61 (client id, DUID or MAC form) and option 12 (hostname). These are
# the values the device can announce about itself to a DHCP server.
set clientid_duid code=61 name=clientid_duid value="0xff\$(CLIENT_DUID)"
set clientid code=61 name=clientid value="0x01\$(CLIENT_MAC)"
set hostname code=12 name=hostname value="\$(HOSTNAME)"
/ip hotspot profile
# Default hotspot profile. No hotspot server entry is visible in the part of
# the export shown here.
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot html-directory-override="" http-cookie-lifetime=3d \
http-proxy=0.0.0.0:0 install-hotspot-queue=no login-by=cookie,http-chap name=default smtp-server=0.0.0.0 split-user-domain=no use-radius=\
no
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=yes address-list="" idle-timeout=none !insert-queue-before keepalive-timeout=2m mac-cookie-timeout=3d \
name=default !parent-queue !queue-type shared-users=1 status-autorefresh=1m transparent-proxy=no
# Built-in IPsec defaults (mode-config, policy group, phase-1 profile and
# phase-2 proposal).
# NOTE(review): the defaults still offer modp1024, 3des and sha1, and the
# proposal uses pfs-group=modp1024. No IPsec peer is visible in the part of
# the export shown here. If IPsec is ever configured, define a dedicated
# profile and proposal with stronger algorithms rather than relying on these.
/ip ipsec mode-config
set [ find default=yes ] name=request-only responder=no use-responder-dns=exclusively
/ip ipsec policy group
set [ find default=yes ] name=default
/ip ipsec profile
set [ find default=yes ] dh-group=modp2048,modp1024 dpd-interval=8s dpd-maximum-failures=4 enc-algorithm=aes-128,3des hash-algorithm=sha1 \
lifetime=1d name=default nat-traversal=yes proposal-check=obey
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m name=default \
pfs-group=modp1024
# Default SMB user and the two built-in PPP profiles.
/ip smb users
# The built-in guest account is enabled (disabled=no) but read-only.
set [ find default=yes ] disabled=no name=guest read-only=yes
/ppp profile
# "default" leaves encryption at use-encryption=default, while
# "default-encryption" sets use-encryption=yes.
set *0 address-list="" !bridge !bridge-horizon bridge-learning=default !bridge-path-cost !bridge-port-priority change-tcp-mss=yes !dns-server \
!idle-timeout !incoming-filter !insert-queue-before !interface-list !local-address name=default on-down="" on-up="" only-one=default \
!outgoing-filter !parent-queue !queue-type !rate-limit !remote-address !session-timeout use-compression=default use-encryption=default \
use-ipv6=yes use-mpls=default use-upnp=default !wins-server
set *FFFFFFFE address-list="" !bridge !bridge-horizon bridge-learning=default !bridge-path-cost !bridge-port-priority change-tcp-mss=yes \
!dns-server !idle-timeout !incoming-filter !insert-queue-before !interface-list !local-address name=default-encryption on-down="" on-up="" \
only-one=default !outgoing-filter !parent-queue !queue-type !rate-limit !remote-address !session-timeout use-compression=default \
use-encryption=yes use-ipv6=yes use-mpls=default use-upnp=default !wins-server
# Built-in queue types, the per-interface queue assignment and the default
# BGP template. Nothing here is security-relevant by itself.
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=pcq name=pcq-upload-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address \
pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 \
pcq-total-limit=2000KiB
set 6 kind=pcq name=pcq-download-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address \
pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 \
pcq-total-limit=2000KiB
set 7 kind=none name=only-hardware-queue
set 8 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 9 kind=pfifo name=default-small pfifo-limit=10
/queue interface
# Ethernet ports use the hardware queue only; the radios use wireless-default.
set ether1 queue=only-hardware-queue
set ether2 queue=only-hardware-queue
# managed by CAPsMAN
set wifi1 queue=wireless-default
# managed by CAPsMAN
set wifi2 queue=wireless-default
/routing bgp template
# Default template with a private AS number.
set default as=65530 name=default
# SNMP community and log-action definitions.
/snmp community
# NOTE(review): the well-known "public" community is present with
# security=none and addresses=::/0 (no source restriction), read-only.
# Whether the SNMP agent is enabled is not visible in the part of the export
# shown here. Rename or restrict the community before SNMP is used.
set [ find default=yes ] addresses=::/0 authentication-protocol=MD5 disabled=no encryption-protocol=DES name=public read-access=yes security=\
none write-access=no
/system logging action
# Four built-in targets: memory (1000 lines), disk (flash/log, 2 files x 1000
# lines), echo, and remote. The remote target points at 0.0.0.0, i.e. no
# syslog collector is configured.
set 0 memory-lines=1000 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=flash/log disk-lines-per-file=1000 disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote=0.0.0.0 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto \
syslog-time-format=bsd-syslog target=remote
# User groups plus certificate, console, disk and SMB service settings.
/user group
# NOTE(review): these are the three built-in groups. "read" is not a harmless
# view-only role: its policy includes reboot, sniff, sensitive and password
# in addition to read. Create a narrower custom group for monitoring
# accounts. User accounts themselves are not listed here, so whether the
# admin account has a password cannot be seen.
set read name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,rest-api,!ftp,!write,!policy skin=\
default
set write name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,sensitive,api,romon,rest-api,!ftp,!policy skin=\
default
set full name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,rest-api skin=\
default
/certificate settings
# CRL download and CRL checking are both off (crl-download=no, crl-use=no).
set crl-download=no crl-store=ram crl-use=no
/console settings
set sanitize-names=no
/disk settings
# Automatic media and SMB sharing of attached disks is off.
set auto-media-interface=none auto-media-sharing=no auto-smb-sharing=no auto-smb-user=guest
/ip smb
# NOTE(review): enabled=auto with interfaces=all. Presumably the service
# only starts once a share is enabled; confirm, and set enabled=no if SMB is
# not needed on an access point.
set comment=MikrotikSMB domain=MSHOME enabled=auto interfaces=all
# Bridge membership and bridge-wide settings: ether1 and ether2 are both
# hardware-offloaded members of bridgeLocal with pvid=1.
# NOTE(review): bpdu-guard=no and edge=auto on both ports, so either port
# accepts BPDUs and can take part in spanning tree. On a port facing end
# devices, bpdu-guard=yes is the usual protection. frame-types=admit-all and
# ingress-filtering only have an effect once vlan-filtering is enabled on the
# bridge, which it is not.
/interface bridge port
add auto-isolate=no bpdu-guard=no bridge=bridgeLocal broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=\
admit-all horizon=none hw=yes ingress-filtering=yes interface=ether1 !internal-path-cost learn=auto multicast-router=temporary-query \
mvrp-applicant-state=normal-participant mvrp-registrar-state=normal !path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no \
restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridgeLocal broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=\
admit-all horizon=none hw=yes ingress-filtering=yes interface=ether2 !internal-path-cost learn=auto multicast-router=temporary-query \
mvrp-applicant-state=normal-participant mvrp-registrar-state=normal !path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no \
restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port-controller
# disabled
set bridge=none cascade-ports="" switch=none
/interface bridge port-extender
# disabled
set control-ports="" excluded-ports="" switch=none
/interface bridge settings
# use-ip-firewall=no: bridged traffic is not passed through the IP firewall,
# so traffic between bridge members is not filtered at L3 on this device.
set allow-fast-path=yes use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
# Connection tracking, neighbour discovery and global IPv4/IPv6 stack
# settings for the second CAP.
/ip firewall connection tracking
# enabled=auto: per MikroTik's documentation tracking only becomes active
# once firewall rules exist - confirm on the device.
set enabled=auto generic-timeout=10m icmp-timeout=10s loose-tcp-tracking=yes tcp-close-timeout=10s tcp-close-wait-timeout=10s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-max-retrans-timeout=5m tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-time-wait-timeout=10s tcp-unacked-timeout=5m udp-stream-timeout=3m udp-timeout=30s
/ip neighbor discovery-settings
# NOTE(review): CDP, LLDP and MNDP are sent and received (mode=tx-and-rx) on
# every interface in the "static" list. On this device that list presumably
# includes lte1 as well as the Ethernet ports - confirm. Restrict
# discover-interface-list to a management list, or to none.
set discover-interface-list=static discover-interval=30s lldp-mac-phy-config=no lldp-max-frame-size=no lldp-med-net-policy-vlan=disabled \
lldp-vlan-info=no mode=tx-and-rx protocol=cdp,lldp,mndp
/ip settings
# NOTE(review): ip-forward=yes together with the enabled lte1 interface means
# this AP can route between the LAN bridge and the LTE network. rp-filter=no
# and tcp-syncookies=no leave reverse-path filtering and SYN-cookie
# protection off.
set accept-redirects=no accept-source-route=no allow-fast-path=yes arp-timeout=30s icmp-rate-limit=10 icmp-rate-mask=0x1818 ip-forward=yes \
ipv4-multipath-hash-policy=l3 max-neighbor-entries=4096 rp-filter=no secure-redirects=yes send-redirects=yes tcp-syncookies=no
/ipv6 settings
# NOTE(review): IPv6 is enabled (disable-ipv6=no) and forwarding is on. Set
# disable-ipv6=yes if IPv6 is not used, otherwise make sure an IPv6 firewall
# exists.
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=yes-if-forwarding-disabled disable-ipv6=no forward=yes \
max-neighbor-entries=2048 multipath-hash-policy=l3
/interface detect-internet
# Detect-internet is off for all interface lists.
set detect-interface-list=none internet-interface-list=none lan-interface-list=none wan-interface-list=none
/interface l2tp-server server
# Review note: enabled=no, so the L2TP server is not listening. The stored defaults would accept
# PAP/CHAP/MS-CHAPv1 and run without IPsec (use-ipsec=no); tighten them before ever enabling it.
set accept-proto-version=all accept-pseudowire-type=all allow-fast-path=no authentication=pap,chap,mschap1,mschap2 caller-id-type=ip-address \
default-profile=default-encryption enabled=no keepalive-timeout=30 l2tpv3-circuit-id="" l2tpv3-cookie-length=0 l2tpv3-digest-hash=md5 \
!l2tpv3-ether-interface-list max-mru=1450 max-mtu=1450 max-sessions=unlimited mrru=disabled one-session-per-host=no use-ipsec=no
/interface lte settings
set firmware-path=firmware mode=auto
/interface ovpn-server server
# Review note: enabled=no. The stored defaults allow md5/sha1 digests, blowfish128, any TLS version and
# no client certificate (require-client-certificate=no). certificate=*0 is an internal reference, not a
# name - presumably no certificate is assigned; verify before enabling.
set auth=sha1,md5,sha256,sha512 certificate=*0 cipher=blowfish128,aes128-cbc default-profile=default enable-tun-ipv6=no enabled=no \
ipv6-prefix-len=64 keepalive-timeout=60 mac-address=FE:E2:6D:B4:A3:7C max-mtu=1500 mode=ip netmask=24 port=1194 protocol=tcp push-routes=\
"" redirect-gateway=disabled reneg-sec=3600 require-client-certificate=no tls-version=any tun-server-ipv6=::
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
# Review note: enabled=no, so the PPTP server is not listening; keep it that way.
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1450 max-mtu=1450 mrru=disabled
/interface sstp-server server
# Review note: enabled=no. certificate=none, verify-client-certificate=no, pfs=no, tls-version=any and
# PAP in the authentication list are weak stored defaults to revisit before this server is enabled.
set authentication=pap,chap,mschap1,mschap2 certificate=none ciphers=aes256-sha,aes256-gcm-sha384 default-profile=default enabled=no \
keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=disabled pfs=no port=443 tls-version=any verify-client-certificate=no
/interface wifi cap
# Review note: CAP mode is on and the controller is found by discovery on bridgeLocal; this line names
# no CAPsMAN address and no certificate.
# NOTE(review): confirm that controller authentication is configured so the CAP only joins the intended
# CAPsMAN on this segment.
set discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp
/interface wifi capsman
set enabled=no
/ip cloud
# Review note: DDNS and Back To Home are off. update-time=yes still lets the unit take its clock from
# the vendor cloud service while no NTP client is enabled (see /system ntp client in this export).
set back-to-home-vpn=revoked-and-disabled ddns-enabled=no ddns-update-interval=none update-time=yes
/ip cloud advanced
set use-local-address=no
/ip dhcp-client
# Review note: address, default route, DNS servers and NTP servers are all taken from whichever DHCP
# server answers on bridgeLocal. NOTE(review): confirm that the upstream switch restricts which port may
# act as DHCP server for the management segment.
add add-default-route=yes comment=defconf default-route-distance=1 dhcp-options=hostname,clientid disabled=no interface=bridgeLocal \
use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set accounting=yes interim-update=0s radius-password=empty store-leases-disk=5m
/ip dns
# Review note: allow-remote-requests=no, so the unit does not resolve for other hosts. servers="" and
# use-doh-server="" mean resolvers come from DHCP (use-peer-dns=yes on the DHCP client).
# verify-doh-cert=no presumably has no effect while no DoH server is set; switch it to yes if one is added.
set address-list-extra-time=0s allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB doh-max-concurrent-queries=50 \
doh-max-server-connections=5 doh-timeout=5s max-concurrent-queries=100 max-concurrent-tcp-sessions=20 max-udp-packet-size=4096 \
mdns-repeat-ifaces="" query-server-timeout=2s query-total-timeout=10s servers="" use-doh-server="" verify-doh-cert=no vrf=main
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=yes ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes sip-timeout=1h
set pptp disabled=no
set rtsp disabled=yes ports=554
set udplite disabled=no
set dccp disabled=no
set sctp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
set [ find default=yes ] comment="counters and limits for trial users" disabled=no name=default-trial
/ip ipsec policy
set 0 disabled=no dst-address=::/0 group=default proposal=default protocol=all src-address=::/0 template=yes
/ip ipsec settings
set accounting=yes interim-update=0s xauth-use-radius=no
/ip media settings
set thumbnails=""
/ip nat-pmp
set enabled=no
/ip proxy
set always-from-cache=no anonymous=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no cache-path=web-proxy enabled=no \
max-cache-object-size=2048KiB max-cache-size=unlimited max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
parent-proxy=:: parent-proxy-port=0 port=8080 serialize-connections=no src-address=::
/ip service
# Review note: address="" puts no source-address restriction on any service below.
# telnet (23), ftp (21), www (80) and api (8728) are enabled and carry credentials without transport
# encryption, while www-ssl is the one service that is disabled.
# Recommended: disable every service that is not used and set address= on the remaining ones to the
# management network (placeholder: <MGMT_SUBNET>).
# api-ssl is enabled with certificate=none and tls-version=any - NOTE(review): without a certificate
# clients cannot authenticate the server; assign a certificate or disable the service.
set telnet address="" disabled=no max-sessions=20 port=23 vrf=main
set ftp address="" disabled=no max-sessions=20 port=21
set www address="" disabled=no max-sessions=20 port=80 vrf=main
set ssh address="" disabled=no max-sessions=20 port=22 vrf=main
set www-ssl address="" certificate=none disabled=yes max-sessions=20 port=443 tls-version=any vrf=main
set api address="" disabled=no max-sessions=20 port=8728 vrf=main
set winbox address="" disabled=no max-sessions=20 port=8291 vrf=main
set api-ssl address="" certificate=none disabled=no max-sessions=20 port=8729 tls-version=any vrf=main
/ip smb shares
# Review note: the default "pub" share is disabled=yes; read-only=no and require-encryption=no would
# apply if it were enabled.
set [ find default=yes ] directory=flash/pub disabled=yes invalid-users="" name=pub read-only=no require-encryption=no valid-users=""
/ip socks
# Review note: enabled=no. auth-method=none would make this an unauthenticated proxy if it were enabled.
set auth-method=none connection-idle-timeout=2m enabled=no max-connections=200 port=1080 version=4 vrf=main
/ip ssh
# Review note: allow-none-crypto=no and forwarding-enabled=no are the restrictive values.
# strong-crypto=no leaves the weaker SSH algorithm set available and the host key is RSA 2048;
# recommended: strong-crypto=yes, and review host-key-type/host-key-size when regenerating the host key.
set allow-none-crypto=no always-allow-password-login=no forwarding-enabled=no host-key-size=2048 host-key-type=rsa strong-crypto=no
/ip tftp settings
set max-block-size=4096
/ip traffic-flow
set active-flow-timeout=30m cache-entries=32k enabled=no inactive-flow-timeout=15s interfaces=all packet-sampling=no sampling-interval=0 \
sampling-space=0
/ip traffic-flow ipfix
set bytes=yes dst-address=yes dst-address-mask=yes dst-mac-address=yes dst-port=yes first-forwarded=yes gateway=yes icmp-code=yes icmp-type=\
yes igmp-type=yes in-interface=yes ip-header-length=yes ip-total-length=yes ipv6-flow-label=yes is-multicast=yes last-forwarded=yes \
nat-dst-address=yes nat-dst-port=yes nat-events=no nat-src-address=yes nat-src-port=yes out-interface=yes packets=yes protocol=yes \
src-address=yes src-address-mask=yes src-mac-address=yes src-port=yes sys-init-time=yes tcp-ack-num=yes tcp-flags=yes tcp-seq-num=yes \
tcp-window-size=yes tos=yes ttl=yes udp-length=yes
/ip upnp
set allow-disable-external-interface=no enabled=no show-dummy-rule=yes
/ipv6 nd
set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes disabled=no hop-limit=unspecified interface=all \
managed-address-configuration=no mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m ra-preference=\
medium reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/mpls settings
set allow-fast-path=yes dynamic-label-range=16-1048575 propagate-ttl=yes
/ppp aaa
set accounting=yes enable-ipv6-accounting=no interim-update=0s use-circuit-id-in-nas-port-id=no use-radius=no
/radius incoming
set accept=no port=3799 vrf=main
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing settings
set single-process=no
/snmp
# Review note: enabled=no, so SNMP is off. The stored trap settings are SNMP version 1 with the
# community "public"; change both before SNMP is ever enabled on this unit.
set contact="" enabled=no engine-id-suffix="" location="" src-address=:: trap-community=public trap-generators=temp-exception trap-target="" \
trap-version=1 vrf=main
/system clock
set time-zone-autodetect=yes time-zone-name=Europe/Vienna
/system clock manual
set dst-delta=+00:00 dst-end="1970-01-01 00:00:00" dst-start="1970-01-01 00:00:00" time-zone=+00:00
/system identity
set name=R403.CAP:OG.BALKON
/system leds
set 0 disabled=no interface=lte1 leds=lte-led type=interface-activity
/system leds settings
set all-leds-off=never
/system logging
# Review note: info, error and warning go to the memory action and critical goes to echo (console).
# No rule here uses a disk or remote action, so log history is held in RAM only.
# NOTE(review): for incident response, add a rule that forwards to a syslog collector
# (placeholder: <SYSLOG_COLLECTOR>) and consider logging account and system topics as well.
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-cli-login=no show-at-login=no
/system ntp client
# Review note: enabled=no with servers="" - log timestamps depend on another clock source
# (/ip cloud update-time=yes is the only one visible in this export). Confirm the clock is correct,
# or enable the client against a trusted NTP server.
set enabled=no mode=unicast servers="" vrf=main
/system ntp server
set auth-key=none broadcast=no broadcast-addresses="" enabled=no local-clock-stratum=5 manycast=no multicast=no use-local-clock=no vrf=main
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
set 4 cpu=auto
set 5 cpu=auto
set 6 cpu=auto
/system resource irq rps
set ether1 disabled=yes
set ether2 disabled=yes
/system resource usb settings
set authorization=no
/system routerboard reset-button
# Review note: enabled=no with an empty on-event - no scripted action is bound to the button.
# NOTE(review): this presumably does not disable the hardware reset function itself; confirm against
# the vendor documentation.
set enabled=no hold-time=0s..1m on-event=""
/system routerboard settings
# Review note: protected-routerboot=disabled and boot-device=nand-if-fail-then-ethernet leave the
# boot loader unprotected and allow a fallback to network boot.
# NOTE(review): for units installed where others have physical access, weigh enabling
# protected-routerboot; it changes the recovery procedure, so read the vendor notes first.
set auto-upgrade=yes boot-device=nand-if-fail-then-ethernet boot-protocol=bootp force-backup-booter=no preboot-etherboot=disabled \
preboot-etherboot-server=any protected-routerboot=disabled reformat-hold-button=20s reformat-hold-button-max=10m silent-boot=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes ping-start-after-boot=5m ping-timeout=1m watch-address=none watchdog-timer=yes
/tool bandwidth-server
# Review note: the bandwidth-test server is enabled (authenticate=yes). It is a diagnostic service;
# recommended: enabled=no outside of test windows.
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=100
/tool e-mail
# Review note: server=0.0.0.0 - no mail relay is configured. tls=no would send mail unencrypted if one were.
set from=<> port=25 server=0.0.0.0 tls=no user="" vrf=main
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
# Review note: MAC-Telnet is accepted on interface list "all". It is a layer-2 management path that an
# IP firewall does not filter; recommended: restrict allowed-interface-list to a management list or "none".
set allowed-interface-list=all
/tool mac-server mac-winbox
# Review note: MAC-WinBox is likewise accepted on every interface; restrict it the same way.
set allowed-interface-list=all
/tool mac-server ping
# Review note: MAC ping is enabled; disable it if layer-2 reachability tests are not needed.
set enabled=yes
/tool romon
# Review note: RoMON is disabled (enabled=no), so the port entry below is inactive.
set enabled=no id=00:00:00:00:00:00
/tool romon port
set [ find default=yes ] cost=100 disabled=no forbid=no interface=all
/tool sms
set allowed-number="" channel=0 polling=no port=none receive-enabled=no sms-storage=sim
/tool sniffer
set file-limit=1000KiB file-name="" filter-cpu="" filter-direction=any filter-dst-ip-address="" filter-dst-ipv6-address="" \
filter-dst-mac-address="" filter-dst-port="" filter-interface="" filter-ip-address="" filter-ip-protocol="" filter-ipv6-address="" \
filter-mac-address="" filter-mac-protocol="" filter-operator-between-entries=or filter-port="" filter-size="" filter-src-ip-address="" \
filter-src-ipv6-address="" filter-src-mac-address="" filter-src-port="" filter-stream=no filter-vlan="" memory-limit=100KiB memory-scroll=\
yes only-headers=no quick-rows=20 quick-show-frame=no streaming-enabled=no streaming-server=0.0.0.0:37008
/tool traffic-generator
set latency-distribution-max=100us measure-out-of-order=no stats-samples-to-keep=100 test-id=0
/user aaa
# Review note: use-radius=no - logins are checked against local accounts only.
set accounting=yes default-group=read exclude-groups="" interim-update=0s use-radius=no
/user settings
# Review note: minimum-password-length=0 and minimum-categories=0 enforce no length or complexity
# floor for local passwords. Recommended: set both to the site's password policy.
set minimum-categories=0 minimum-password-length=0
CAP "3" (R403.CAP:OG.BUERO)
# model = cAPGi-5HaxD2HaxD
# serial number = HGD09JVZ8BG
/interface bridge
add admin-mac=D4:01:C3:94:99:9F ageing-time=5m arp=enabled arp-timeout=auto auto-mac=no comment=defconf dhcp-snooping=no disabled=no \
fast-forward=yes forward-delay=15s igmp-snooping=no max-learned-entries=auto max-message-age=20s mtu=auto mvrp=no name=bridgeLocal \
port-cost-mode=long priority=0x8000 protocol-mode=rstp transmit-hold-count=6 vlan-filtering=no
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled \
arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1568 loop-protect=default loop-protect-disable-time=5m \
loop-protect-send-interval=5s mac-address=D4:01:C3:94:99:9F mtu=1500 name=ether1 orig-mac-address=D4:01:C3:94:99:9F rx-flow-control=off \
tx-flow-control=off
set [ find default-name=ether2 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled \
arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1568 loop-protect=default loop-protect-disable-time=5m \
loop-protect-send-interval=5s mac-address=D4:01:C3:94:99:A0 mtu=1500 name=ether2 orig-mac-address=D4:01:C3:94:99:A0 poe-out=auto-on \
poe-priority=10 power-cycle-interval=none !power-cycle-ping-address power-cycle-ping-enabled=no !power-cycle-ping-timeout rx-flow-control=off \
tx-flow-control=off
/queue interface
set bridgeLocal queue=no-queue
/interface ethernet switch
set 0 !cpu-flow-control mirror-source=none mirror-target=none name=switch1
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
/interface ethernet switch port-isolation
set 0 !forwarding-override
set 1 !forwarding-override
set 2 !forwarding-override
/interface list
set [ find name=all ] comment="contains all interfaces" exclude="" include="" name=all
set [ find name=none ] comment="contains no interfaces" exclude="" include="" name=none
set [ find name=dynamic ] comment="contains dynamic interfaces" exclude="" include="" name=dynamic
set [ find name=static ] comment="contains static interfaces" exclude="" include="" name=static
/interface lte apn
set [ find default=yes ] add-default-route=yes apn=internet authentication=none default-route-distance=2 ip-type=auto name=default \
use-network-apn=yes use-peer-dns=yes
/interface macsec profile
set [ find default-name=default ] name=default server-priority=10
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi
# managed by CAPsMAN
set [ find default-name=wifi1 ] arp-timeout=auto configuration.manager=capsman datapath=capdp disabled=no l2mtu=1560 mac-address=\
D4:01:C3:94:99:A1 name=wifi1 radio-mac=D4:01:C3:94:99:A1
# managed by CAPsMAN
set [ find default-name=wifi2 ] arp-timeout=auto configuration.manager=capsman datapath=capdp disabled=no l2mtu=1560 mac-address=\
D4:01:C3:94:99:A2 name=wifi2 radio-mac=D4:01:C3:94:99:A2
/ip dhcp-client option
set clientid_duid code=61 name=clientid_duid value="0xff\$(CLIENT_DUID)"
set clientid code=61 name=clientid value="0x01\$(CLIENT_MAC)"
set hostname code=12 name=hostname value="\$(HOSTNAME)"
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot html-directory-override="" http-cookie-lifetime=3d \
http-proxy=0.0.0.0:0 install-hotspot-queue=no login-by=cookie,http-chap name=default smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=yes address-list="" idle-timeout=none !insert-queue-before keepalive-timeout=2m mac-cookie-timeout=3d \
name=default !parent-queue !queue-type shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip ipsec mode-config
set [ find default=yes ] name=request-only responder=no use-responder-dns=exclusively
/ip ipsec policy group
set [ find default=yes ] name=default
/ip ipsec profile
# Review note: the default profile still offers modp1024, 3des and sha1. No /ip ipsec peer section
# appears in this device's export, so these look like unused defaults.
# NOTE(review): if IPsec is configured later, create a dedicated profile with stronger groups and
# algorithms instead of relying on this one.
set [ find default=yes ] dh-group=modp2048,modp1024 dpd-interval=8s dpd-maximum-failures=4 enc-algorithm=aes-128,3des hash-algorithm=sha1 \
lifetime=1d name=default nat-traversal=yes proposal-check=obey
/ip ipsec proposal
# Review note: the default proposal uses sha1, CBC-mode AES and pfs-group=modp1024; the same caveat applies.
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m name=default pfs-group=\
modp1024
/ip smb users
# Review note: the default "guest" SMB user is active (disabled=no, read-only=yes). /ip smb later in
# this export is enabled=auto on interfaces=all while the only share shown is disabled -
# NOTE(review): confirm that SMB is not listening on this unit.
set [ find default=yes ] disabled=no name=guest read-only=yes
/ppp profile
set *0 address-list="" !bridge !bridge-horizon bridge-learning=default !bridge-path-cost !bridge-port-priority change-tcp-mss=yes !dns-server \
!idle-timeout !incoming-filter !insert-queue-before !interface-list !local-address name=default on-down="" on-up="" only-one=default \
!outgoing-filter !parent-queue !queue-type !rate-limit !remote-address !session-timeout use-compression=default use-encryption=default \
use-ipv6=yes use-mpls=default use-upnp=default !wins-server
set *FFFFFFFE address-list="" !bridge !bridge-horizon bridge-learning=default !bridge-path-cost !bridge-port-priority change-tcp-mss=yes \
!dns-server !idle-timeout !incoming-filter !insert-queue-before !interface-list !local-address name=default-encryption on-down="" on-up="" \
only-one=default !outgoing-filter !parent-queue !queue-type !rate-limit !remote-address !session-timeout use-compression=default \
use-encryption=yes use-ipv6=yes use-mpls=default use-upnp=default !wins-server
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=pcq name=pcq-upload-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=\
32 pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
set 6 kind=pcq name=pcq-download-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address \
pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 \
pcq-total-limit=2000KiB
set 7 kind=none name=only-hardware-queue
set 8 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 9 kind=pfifo name=default-small pfifo-limit=10
/queue interface
set ether1 queue=only-hardware-queue
set ether2 queue=only-hardware-queue
# managed by CAPsMAN
set wifi1 queue=wireless-default
# managed by CAPsMAN
set wifi2 queue=wireless-default
/routing bgp template
set default as=65530 name=default
/snmp community
# Review note: the default community is "public", with security=none and addresses=::/0 (readable from
# any address). /snmp is enabled=no later in this export, so it is dormant; rename it and restrict
# addresses before SNMP is enabled.
set [ find default=yes ] addresses=::/0 authentication-protocol=MD5 disabled=no encryption-protocol=DES name=public read-access=yes security=none \
write-access=no
/system logging action
# Review note: the memory action keeps 1000 lines and overwrites when full (memory-stop-on-full=no).
# The remote action has remote=0.0.0.0, so no syslog collector is configured; set a real collector
# address (placeholder: <SYSLOG_COLLECTOR>) and add a logging rule that uses it.
set 0 memory-lines=1000 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=1000 disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote=0.0.0.0 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto \
syslog-time-format=bsd-syslog target=remote
/user group
# Review note: the built-in "read" group is broader than its name suggests - its policy list includes
# reboot, password, sniff and sensitive, plus telnet, api and rest-api access.
# Recommended: give monitoring accounts a custom group with only the policies they need.
set read name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,rest-api,!ftp,!write,!policy skin=\
default
set write name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,sensitive,api,romon,rest-api,!ftp,!policy skin=\
default
set full name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,rest-api skin=default
/certificate settings
set crl-download=no crl-store=ram crl-use=no
/console settings
set sanitize-names=no
/disk settings
set auto-media-interface=none auto-media-sharing=no auto-smb-sharing=no auto-smb-user=guest
/ip smb
set comment=MikrotikSMB domain=MSHOME enabled=auto interfaces=all
/interface bridge port
add auto-isolate=no bpdu-guard=no bridge=bridgeLocal broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=\
admit-all horizon=none hw=yes ingress-filtering=yes interface=ether1 !internal-path-cost learn=auto multicast-router=temporary-query \
mvrp-applicant-state=normal-participant mvrp-registrar-state=normal !path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no \
restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridgeLocal broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=\
admit-all horizon=none hw=yes ingress-filtering=yes interface=ether2 !internal-path-cost learn=auto multicast-router=temporary-query \
mvrp-applicant-state=normal-participant mvrp-registrar-state=normal !path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no \
restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port-controller
# disabled
set bridge=none cascade-ports="" switch=none
/interface bridge port-extender
# disabled
set control-ports="" excluded-ports="" switch=none
/interface bridge settings
set allow-fast-path=yes use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/ip firewall connection tracking
set enabled=auto generic-timeout=10m icmp-timeout=10s loose-tcp-tracking=yes tcp-close-timeout=10s tcp-close-wait-timeout=10s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-max-retrans-timeout=5m tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-time-wait-timeout=10s tcp-unacked-timeout=5m udp-stream-timeout=3m udp-timeout=30s
/ip neighbor discovery-settings
set discover-interface-list=static discover-interval=30s lldp-mac-phy-config=no lldp-max-frame-size=no lldp-med-net-policy-vlan=disabled \
lldp-poe-power=yes lldp-vlan-info=no mode=tx-and-rx protocol=cdp,lldp,mndp
/ip settings
set accept-redirects=no accept-source-route=no allow-fast-path=yes arp-timeout=30s icmp-rate-limit=10 icmp-rate-mask=0x1818 ip-forward=yes \
ipv4-multipath-hash-policy=l3 max-neighbor-entries=16384 rp-filter=no secure-redirects=yes send-redirects=yes tcp-syncookies=no
/ipv6 settings
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=yes-if-forwarding-disabled disable-ipv6=no forward=yes \
max-neighbor-entries=14336 multipath-hash-policy=l3
/interface detect-internet
set detect-interface-list=none internet-interface-list=none lan-interface-list=none wan-interface-list=none
/interface l2tp-server server
set accept-proto-version=all accept-pseudowire-type=all allow-fast-path=no authentication=pap,chap,mschap1,mschap2 caller-id-type=ip-address \
default-profile=default-encryption enabled=no keepalive-timeout=30 l2tpv3-circuit-id="" l2tpv3-cookie-length=0 l2tpv3-digest-hash=md5 \
!l2tpv3-ether-interface-list max-mru=1450 max-mtu=1450 max-sessions=unlimited mrru=disabled one-session-per-host=no use-ipsec=no
/interface lte settings
set firmware-path=firmware mode=auto
/interface ovpn-server server
set auth=sha1,md5,sha256,sha512 certificate=*0 cipher=blowfish128,aes128-cbc default-profile=default enable-tun-ipv6=no enabled=no \
ipv6-prefix-len=64 keepalive-timeout=60 mac-address=FE:C1:FB:44:85:24 max-mtu=1500 mode=ip netmask=24 port=1194 protocol=tcp push-routes="" \
redirect-gateway=disabled reneg-sec=3600 require-client-certificate=no tls-version=any tun-server-ipv6=::
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1450 max-mtu=1450 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none ciphers=aes256-sha,aes256-gcm-sha384 default-profile=default enabled=no \
keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=disabled pfs=no port=443 tls-version=any verify-client-certificate=no
/interface wifi cap
set discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp
/interface wifi capsman
set enabled=no
/ip cloud
set back-to-home-vpn=revoked-and-disabled ddns-enabled=no ddns-update-interval=none update-time=yes
/ip cloud advanced
set use-local-address=no
/ip dhcp-client
add add-default-route=yes comment=defconf default-route-distance=1 dhcp-options=hostname,clientid disabled=no interface=bridgeLocal use-peer-dns=\
yes use-peer-ntp=yes
/ip dhcp-server config
set accounting=yes interim-update=0s radius-password=empty store-leases-disk=5m
/ip dns
set address-list-extra-time=0s allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB doh-max-concurrent-queries=50 \
doh-max-server-connections=5 doh-timeout=5s max-concurrent-queries=100 max-concurrent-tcp-sessions=20 max-udp-packet-size=4096 \
mdns-repeat-ifaces="" query-server-timeout=2s query-total-timeout=10s servers="" use-doh-server="" verify-doh-cert=no vrf=main
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=yes ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes sip-timeout=1h
set pptp disabled=no
set rtsp disabled=yes ports=554
set udplite disabled=no
set dccp disabled=no
set sctp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
set [ find default=yes ] comment="counters and limits for trial users" disabled=no name=default-trial
/ip ipsec policy
set 0 disabled=no dst-address=::/0 group=default proposal=default protocol=all src-address=::/0 template=yes
/ip ipsec settings
set accounting=yes interim-update=0s xauth-use-radius=no
/ip media settings
set thumbnails=""
/ip nat-pmp
set enabled=no
/ip proxy
set always-from-cache=no anonymous=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no cache-path=web-proxy enabled=no \
max-cache-object-size=2048KiB max-cache-size=unlimited max-client-connections=600 max-fresh-time=3d max-server-connections=600 parent-proxy=\
:: parent-proxy-port=0 port=8080 serialize-connections=no src-address=::
/ip service
# Review note: address="" puts no source-address restriction on any service below, and no
# /ip firewall filter section appears in this device's export, so every enabled service answers to
# anything that can reach the unit's address.
# telnet (23), ftp (21), www (80) and api (8728) are enabled and carry credentials without transport
# encryption, while www-ssl is disabled. Recommended: disable unused services and set address= on the
# rest to the management network (placeholder: <MGMT_SUBNET>).
# api-ssl is enabled with certificate=none and tls-version=any - NOTE(review): without a certificate
# clients cannot authenticate the server; assign a certificate or disable the service.
set telnet address="" disabled=no max-sessions=20 port=23 vrf=main
set ftp address="" disabled=no max-sessions=20 port=21
set www address="" disabled=no max-sessions=20 port=80 vrf=main
set ssh address="" disabled=no max-sessions=20 port=22 vrf=main
set www-ssl address="" certificate=none disabled=yes max-sessions=20 port=443 tls-version=any vrf=main
set api address="" disabled=no max-sessions=20 port=8728 vrf=main
set winbox address="" disabled=no max-sessions=20 port=8291 vrf=main
set api-ssl address="" certificate=none disabled=no max-sessions=20 port=8729 tls-version=any vrf=main
/ip smb shares
# Review note: the default "pub" share is disabled=yes; read-only=no and require-encryption=no would
# apply if it were enabled.
set [ find default=yes ] directory=pub disabled=yes invalid-users="" name=pub read-only=no require-encryption=no valid-users=""
/ip socks
# Review note: enabled=no. auth-method=none would make this an unauthenticated proxy if it were enabled.
set auth-method=none connection-idle-timeout=2m enabled=no max-connections=200 port=1080 version=4 vrf=main
/ip ssh
# Review note: allow-none-crypto=no and forwarding-enabled=no are the restrictive values.
# strong-crypto=no leaves the weaker SSH algorithm set available and the host key is RSA 2048;
# recommended: strong-crypto=yes, and review host-key-type/host-key-size when regenerating the host key.
set allow-none-crypto=no always-allow-password-login=no forwarding-enabled=no host-key-size=2048 host-key-type=rsa strong-crypto=no
/ip tftp settings
set max-block-size=4096
/ip traffic-flow
set active-flow-timeout=30m cache-entries=256k enabled=no inactive-flow-timeout=15s interfaces=all packet-sampling=no sampling-interval=0 \
sampling-space=0
/ip traffic-flow ipfix
set bytes=yes dst-address=yes dst-address-mask=yes dst-mac-address=yes dst-port=yes first-forwarded=yes gateway=yes icmp-code=yes icmp-type=yes \
igmp-type=yes in-interface=yes ip-header-length=yes ip-total-length=yes ipv6-flow-label=yes is-multicast=yes last-forwarded=yes \
nat-dst-address=yes nat-dst-port=yes nat-events=no nat-src-address=yes nat-src-port=yes out-interface=yes packets=yes protocol=yes \
src-address=yes src-address-mask=yes src-mac-address=yes src-port=yes sys-init-time=yes tcp-ack-num=yes tcp-flags=yes tcp-seq-num=yes \
tcp-window-size=yes tos=yes ttl=yes udp-length=yes
/ip upnp
set allow-disable-external-interface=no enabled=no show-dummy-rule=yes
/ipv6 nd
set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes disabled=no hop-limit=unspecified interface=all \
managed-address-configuration=no mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m ra-preference=\
medium reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/mpls settings
set allow-fast-path=yes dynamic-label-range=16-1048575 propagate-ttl=yes
/ppp aaa
set accounting=yes enable-ipv6-accounting=no interim-update=0s use-circuit-id-in-nas-port-id=no use-radius=no
/radius incoming
set accept=no port=3799 vrf=main
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing settings
set single-process=no
/snmp
set contact="" enabled=no engine-id-suffix="" location="" src-address=:: trap-community=public trap-generators=temp-exception trap-target="" \
trap-version=1 vrf=main
/system clock
set time-zone-autodetect=yes time-zone-name=Europe/Vienna
/system clock manual
set dst-delta=+00:00 dst-end="1970-01-01 00:00:00" dst-start="1970-01-01 00:00:00" time-zone=+00:00
/system identity
set name=R403.CAP:OG.BUERO
/system leds
set 0 disabled=no leds=poe-led type=poe-out
/system leds settings
set all-leds-off=never
/system logging
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-cli-login=no show-at-login=no
/system ntp client
set enabled=no mode=unicast servers="" vrf=main
/system ntp server
set auth-key=none broadcast=no broadcast-addresses="" enabled=no local-clock-stratum=5 manycast=no multicast=no use-local-clock=no vrf=main
/system package update
set channel=long-term
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
set 4 cpu=auto
set 5 cpu=auto
set 6 cpu=auto
set 7 cpu=auto
set 8 cpu=auto
set 9 cpu=auto
set 10 cpu=auto
set 11 cpu=auto
set 12 cpu=auto
set 13 cpu=auto
set 14 cpu=auto
set 15 cpu=auto
set 16 cpu=auto
set 17 cpu=auto
set 18 cpu=auto
set 19 cpu=auto
set 20 cpu=auto
set 21 cpu=auto
set 22 cpu=auto
set 23 cpu=auto
set 24 cpu=auto
set 25 cpu=auto
set 26 cpu=auto
set 27 cpu=auto
set 28 cpu=auto
set 29 cpu=auto
set 30 cpu=auto
set 31 cpu=auto
set 32 cpu=auto
set 33 cpu=auto
set 34 cpu=auto
set 35 cpu=auto
set 36 cpu=auto
set 37 cpu=auto
set 38 cpu=auto
set 39 cpu=auto
set 40 cpu=auto
set 41 cpu=auto
set 42 cpu=auto
set 43 cpu=auto
set 44 cpu=auto
set 45 cpu=auto
set 46 cpu=auto
set 47 cpu=auto
set 48 cpu=auto
/system resource irq rps
set ether1 disabled=yes
set ether2 disabled=yes
/system resource usb settings
set authorization=no
/system routerboard mode-button
set enabled=no hold-time=0s..1m on-event=""
/system routerboard reset-button
set enabled=no hold-time=0s..1m on-event=""
/system routerboard settings
set auto-upgrade=yes boot-device=nand-if-fail-then-ethernet boot-protocol=bootp force-backup-booter=no preboot-etherboot=disabled \
preboot-etherboot-server=any protected-routerboot=disabled reformat-hold-button=20s reformat-hold-button-max=10m silent-boot=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes ping-start-after-boot=5m ping-timeout=1m watch-address=none watchdog-timer=yes
/tool bandwidth-server
# Review note: the bandwidth-test server is enabled (authenticate=yes). It is a diagnostic service;
# recommended: enabled=no outside of test windows.
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=100
/tool e-mail
# Review note: server=0.0.0.0 - no mail relay is configured. tls=no would send mail unencrypted if one were.
set from=<> port=25 server=0.0.0.0 tls=no user="" vrf=main
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
# Review note: MAC-Telnet is accepted on interface list "all". It is a layer-2 management path that an
# IP firewall does not filter; recommended: restrict allowed-interface-list to a management list or "none".
set allowed-interface-list=all
/tool mac-server mac-winbox
# Review note: MAC-WinBox is likewise accepted on every interface; restrict it the same way.
set allowed-interface-list=all
/tool mac-server ping
# Review note: MAC ping is enabled; disable it if layer-2 reachability tests are not needed.
set enabled=yes
/tool romon
# Review note: RoMON is disabled (enabled=no), so the port entry below is inactive.
set enabled=no id=00:00:00:00:00:00
/tool romon port
set [ find default=yes ] cost=100 disabled=no forbid=no interface=all
/tool sms
set allowed-number="" channel=0 polling=no port=none receive-enabled=no sms-storage=sim
/tool sniffer
set file-limit=1000KiB file-name="" filter-cpu="" filter-direction=any filter-dst-ip-address="" filter-dst-ipv6-address="" \
filter-dst-mac-address="" filter-dst-port="" filter-interface="" filter-ip-address="" filter-ip-protocol="" filter-ipv6-address="" \
filter-mac-address="" filter-mac-protocol="" filter-operator-between-entries=or filter-port="" filter-size="" filter-src-ip-address="" \
filter-src-ipv6-address="" filter-src-mac-address="" filter-src-port="" filter-stream=no filter-vlan="" memory-limit=100KiB memory-scroll=yes \
only-headers=no quick-rows=20 quick-show-frame=no streaming-enabled=no streaming-server=0.0.0.0:37008
/tool traffic-generator
set latency-distribution-max=100us measure-out-of-order=no stats-samples-to-keep=100 test-id=0
/user aaa
# Review note: use-radius=no - logins are checked against local accounts only.
set accounting=yes default-group=read exclude-groups="" interim-update=0s use-radius=no
/user settings
# Review note: minimum-password-length=0 and minimum-categories=0 enforce no length or complexity
# floor for local passwords. Recommended: set both to the site's password policy.
set minimum-categories=0 minimum-password-length=0
CAP "4" (R403.CAP:UG.KELLER)
# model = RBwAPG-5HacD2HnD
# serial number = HFM09SMSG9E
/interface bridge
add admin-mac=D4:01:C3:04:F3:FF ageing-time=5m arp=enabled arp-timeout=auto auto-mac=no comment=defconf dhcp-snooping=no disabled=no fast-forward=yes \
forward-delay=15s igmp-snooping=no max-learned-entries=auto max-message-age=20s mtu=auto mvrp=no name=bridgeLocal port-cost-mode=long priority=0x8000 \
protocol-mode=rstp transmit-hold-count=6 vlan-filtering=no
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=\
auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1598 loop-protect=default loop-protect-disable-time=5m \
loop-protect-send-interval=5s mac-address=D4:01:C3:04:F3:FF mtu=1500 name=ether1 orig-mac-address=D4:01:C3:04:F3:FF rx-flow-control=off tx-flow-control=\
off
set [ find default-name=ether2 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=\
auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1598 loop-protect=default loop-protect-disable-time=5m \
loop-protect-send-interval=5s mac-address=D4:01:C3:04:F4:00 mtu=1500 name=ether2 orig-mac-address=D4:01:C3:04:F4:00 rx-flow-control=off tx-flow-control=\
off
/queue interface
set bridgeLocal queue=no-queue
/interface ethernet switch
set 0 cpu-flow-control=yes mirror-source=none mirror-target=none name=switch1
/interface ethernet switch port
set 0 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
set 1 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
set 2 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
/interface ethernet switch port-isolation
set 0 !forwarding-override
set 1 !forwarding-override
set 2 !forwarding-override
/interface list
set [ find name=all ] comment="contains all interfaces" exclude="" include="" name=all
set [ find name=none ] comment="contains no interfaces" exclude="" include="" name=none
set [ find name=dynamic ] comment="contains dynamic interfaces" exclude="" include="" name=dynamic
set [ find name=static ] comment="contains static interfaces" exclude="" include="" name=static
/interface lte apn
set [ find default=yes ] add-default-route=yes apn=internet authentication=none default-route-distance=2 ip-type=auto name=default use-network-apn=yes \
use-peer-dns=yes
/interface macsec profile
set [ find default-name=default ] name=default server-priority=10
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi
# managed by CAPsMAN
set [ find default-name=wifi1 ] arp-timeout=auto configuration.manager=capsman datapath=capdp disabled=no l2mtu=1560 mac-address=D4:01:C3:04:F4:01 name=wifi1 \
radio-mac=D4:01:C3:04:F4:01
# managed by CAPsMAN
set [ find default-name=wifi2 ] arp-timeout=auto configuration.manager=capsman datapath=capdp disabled=no l2mtu=1560 mac-address=D4:01:C3:04:F4:02 name=wifi2 \
radio-mac=D4:01:C3:04:F4:02
/ip dhcp-client option
set clientid_duid code=61 name=clientid_duid value="0xff\$(CLIENT_DUID)"
set clientid code=61 name=clientid value="0x01\$(CLIENT_MAC)"
set hostname code=12 name=hostname value="\$(HOSTNAME)"
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot html-directory-override="" http-cookie-lifetime=3d http-proxy=0.0.0.0:0 \
install-hotspot-queue=no login-by=cookie,http-chap name=default smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=yes address-list="" idle-timeout=none !insert-queue-before keepalive-timeout=2m mac-cookie-timeout=3d name=default \
!parent-queue !queue-type shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip ipsec mode-config
set [ find default=yes ] name=request-only responder=no use-responder-dns=exclusively
/ip ipsec policy group
set [ find default=yes ] name=default
/ip ipsec profile
# Default phase-1 profile as exported: it still offers modp1024, 3DES and SHA-1,
# all of which are legacy choices. This only matters if a peer uses the default
# profile; no /ip ipsec peer entry appears in this device's export.
set [ find default=yes ] dh-group=modp2048,modp1024 dpd-interval=8s dpd-maximum-failures=4 enc-algorithm=aes-128,3des hash-algorithm=sha1 lifetime=1d name=\
default nat-traversal=yes proposal-check=obey
/ip ipsec proposal
# Default phase-2 proposal: SHA-1 integrity and PFS over modp1024.
# Tighten it before any policy is allowed to reference it.
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m name=default pfs-group=modp1024
/ip smb users
set [ find default=yes ] disabled=no name=guest read-only=yes
/ppp profile
set *0 address-list="" !bridge !bridge-horizon bridge-learning=default !bridge-path-cost !bridge-port-priority change-tcp-mss=yes !dns-server !idle-timeout \
!incoming-filter !insert-queue-before !interface-list !local-address name=default on-down="" on-up="" only-one=default !outgoing-filter !parent-queue \
!queue-type !rate-limit !remote-address !session-timeout use-compression=default use-encryption=default use-ipv6=yes use-mpls=default use-upnp=default \
!wins-server
set *FFFFFFFE address-list="" !bridge !bridge-horizon bridge-learning=default !bridge-path-cost !bridge-port-priority change-tcp-mss=yes !dns-server \
!idle-timeout !incoming-filter !insert-queue-before !interface-list !local-address name=default-encryption on-down="" on-up="" only-one=default \
!outgoing-filter !parent-queue !queue-type !rate-limit !remote-address !session-timeout use-compression=default use-encryption=yes use-ipv6=yes use-mpls=\
default use-upnp=default !wins-server
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=pcq name=pcq-upload-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
set 6 kind=pcq name=pcq-download-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
set 7 kind=none name=only-hardware-queue
set 8 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 9 kind=pfifo name=default-small pfifo-limit=10
/queue interface
set ether1 queue=only-hardware-queue
set ether2 queue=only-hardware-queue
# managed by CAPsMAN
set wifi1 queue=wireless-default
# managed by CAPsMAN
set wifi2 queue=wireless-default
/routing bgp template
set default as=65530 name=default
/snmp community
# Default community "public": read access from any address (::/0) with
# security=none, i.e. no authentication or privacy is required.
# The MD5/DES values are presumably only used when security is raised above none.
# The SNMP agent itself is off in this export (/snmp set enabled=no), so this
# becomes an exposure only if SNMP is switched on without changing the community.
set [ find default=yes ] addresses=::/0 authentication-protocol=MD5 disabled=no encryption-protocol=DES name=public read-access=yes security=none \
write-access=no
/system logging action
set 0 memory-lines=1000 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=flash/log disk-lines-per-file=1000 disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote=0.0.0.0 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto syslog-time-format=bsd-syslog \
target=remote
/user group
# The built-in "read" group is not a harmless view-only role: its policy list
# includes sensitive, sniff, reboot, password, telnet and api. Only ftp, write
# and policy are denied.
# /user aaa in this export uses default-group=read, so treat membership in
# "read" as privileged access when reviewing accounts.
set read name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,rest-api,!ftp,!write,!policy skin=default
# "write" adds the write policy; ftp and policy remain denied.
set write name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,sensitive,api,romon,rest-api,!ftp,!policy skin=default
# "full" grants every policy listed, including policy (user management) and ftp.
set full name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,rest-api skin=default
/certificate settings
set crl-download=no crl-store=ram crl-use=no
/console settings
set sanitize-names=no
/disk settings
set auto-media-interface=none auto-media-sharing=no auto-smb-sharing=no auto-smb-user=guest
/ip smb
set comment=MikrotikSMB domain=MSHOME enabled=auto interfaces=all
/interface bridge port
add auto-isolate=no bpdu-guard=no bridge=bridgeLocal broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=\
none hw=yes ingress-filtering=yes interface=ether1 !internal-path-cost learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant \
mvrp-registrar-state=normal !path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no \
unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridgeLocal broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=\
none hw=yes ingress-filtering=yes interface=ether2 !internal-path-cost learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant \
mvrp-registrar-state=normal !path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no \
unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port-controller
# disabled
set bridge=none cascade-ports="" switch=none
/interface bridge port-extender
# disabled
set control-ports="" excluded-ports="" switch=none
/interface bridge settings
set allow-fast-path=yes use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/ip firewall connection tracking
set enabled=auto generic-timeout=10m icmp-timeout=10s loose-tcp-tracking=yes tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-max-retrans-timeout=5m tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-time-wait-timeout=10s \
tcp-unacked-timeout=5m udp-stream-timeout=3m udp-timeout=30s
/ip neighbor discovery-settings
set discover-interface-list=static discover-interval=30s lldp-mac-phy-config=no lldp-max-frame-size=no lldp-med-net-policy-vlan=disabled lldp-vlan-info=no \
mode=tx-and-rx protocol=cdp,lldp,mndp
/ip settings
set accept-redirects=no accept-source-route=no allow-fast-path=yes arp-timeout=30s icmp-rate-limit=10 icmp-rate-mask=0x1818 ip-forward=yes \
ipv4-multipath-hash-policy=l3 max-neighbor-entries=4096 rp-filter=no secure-redirects=yes send-redirects=yes tcp-syncookies=no
/ipv6 settings
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=yes-if-forwarding-disabled disable-ipv6=no forward=yes max-neighbor-entries=2048 \
multipath-hash-policy=l3
/interface detect-internet
set detect-interface-list=none internet-interface-list=none lan-interface-list=none wan-interface-list=none
/interface l2tp-server server
set accept-proto-version=all accept-pseudowire-type=all allow-fast-path=no authentication=pap,chap,mschap1,mschap2 caller-id-type=ip-address default-profile=\
default-encryption enabled=no keepalive-timeout=30 l2tpv3-circuit-id="" l2tpv3-cookie-length=0 l2tpv3-digest-hash=md5 !l2tpv3-ether-interface-list \
max-mru=1450 max-mtu=1450 max-sessions=unlimited mrru=disabled one-session-per-host=no use-ipsec=no
/interface lte settings
set firmware-path=firmware mode=auto
/interface ovpn-server server
set auth=sha1,md5,sha256,sha512 certificate=*0 cipher=blowfish128,aes128-cbc default-profile=default enable-tun-ipv6=no enabled=no ipv6-prefix-len=64 \
keepalive-timeout=60 mac-address=FE:C4:86:1A:0A:98 max-mtu=1500 mode=ip netmask=24 port=1194 protocol=tcp push-routes="" redirect-gateway=disabled \
reneg-sec=3600 require-client-certificate=no tls-version=any tun-server-ipv6=::
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1450 max-mtu=1450 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none ciphers=aes256-sha,aes256-gcm-sha384 default-profile=default enabled=no keepalive-timeout=60 \
max-mru=1500 max-mtu=1500 mrru=disabled pfs=no port=443 tls-version=any verify-client-certificate=no
/interface wifi cap
set discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp
/interface wifi capsman
set enabled=no
/ip cloud
set back-to-home-vpn=revoked-and-disabled ddns-enabled=no ddns-update-interval=none update-time=yes
/ip cloud advanced
set use-local-address=no
/ip dhcp-client
add add-default-route=yes comment=defconf default-route-distance=1 dhcp-options=hostname,clientid disabled=no interface=bridgeLocal use-peer-dns=yes \
use-peer-ntp=yes
/ip dhcp-server config
set accounting=yes interim-update=0s radius-password=empty store-leases-disk=5m
/ip dns
set address-list-extra-time=0s allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB doh-max-concurrent-queries=50 doh-max-server-connections=5 \
doh-timeout=5s max-concurrent-queries=100 max-concurrent-tcp-sessions=20 max-udp-packet-size=4096 mdns-repeat-ifaces="" query-server-timeout=2s \
query-total-timeout=10s servers="" use-doh-server="" verify-doh-cert=no vrf=main
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=yes ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes sip-timeout=1h
set pptp disabled=no
set rtsp disabled=yes ports=554
set udplite disabled=no
set dccp disabled=no
set sctp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
set [ find default=yes ] comment="counters and limits for trial users" disabled=no name=default-trial
/ip ipsec policy
set 0 disabled=no dst-address=::/0 group=default proposal=default protocol=all src-address=::/0 template=yes
/ip ipsec settings
set accounting=yes interim-update=0s xauth-use-radius=no
/ip media settings
set thumbnails=""
/ip nat-pmp
set enabled=no
/ip proxy
set always-from-cache=no anonymous=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no cache-path=web-proxy enabled=no max-cache-object-size=\
2048KiB max-cache-size=unlimited max-client-connections=600 max-fresh-time=3d max-server-connections=600 parent-proxy=:: parent-proxy-port=0 port=8080 \
serialize-connections=no src-address=::
/ip service
# Management-plane exposure on this access point:
#  - telnet, ftp, www (HTTP) and api (8728) are enabled; all four carry
#    credentials without encryption.
#  - address="" on every service means no source-address restriction.
#  - www-ssl is disabled, so the web interface is only available over plain HTTP.
#  - api-ssl is enabled with certificate=none and tls-version=any; without a
#    certificate the server cannot be authenticated by clients (NOTE(review):
#    RouterOS falls back to anonymous DH here; confirm for this version).
# Hardening: disable the services that are not used and set address= to the
# management subnet on the ones that stay (ssh, winbox).
set telnet address="" disabled=no max-sessions=20 port=23 vrf=main
set ftp address="" disabled=no max-sessions=20 port=21
set www address="" disabled=no max-sessions=20 port=80 vrf=main
set ssh address="" disabled=no max-sessions=20 port=22 vrf=main
set www-ssl address="" certificate=none disabled=yes max-sessions=20 port=443 tls-version=any vrf=main
set api address="" disabled=no max-sessions=20 port=8728 vrf=main
set winbox address="" disabled=no max-sessions=20 port=8291 vrf=main
set api-ssl address="" certificate=none disabled=no max-sessions=20 port=8729 tls-version=any vrf=main
/ip smb shares
set [ find default=yes ] directory=flash/pub disabled=yes invalid-users="" name=pub read-only=no require-encryption=no valid-users=""
/ip socks
set auth-method=none connection-idle-timeout=2m enabled=no max-connections=200 port=1080 version=4 vrf=main
/ip ssh
# strong-crypto=no leaves the SSH server's legacy algorithm set available.
# Setting strong-crypto=yes restricts it to the stronger ciphers and MACs.
# Host key is RSA 2048. always-allow-password-login=no and forwarding-enabled=no
# are already the restrictive values.
set allow-none-crypto=no always-allow-password-login=no forwarding-enabled=no host-key-size=2048 host-key-type=rsa strong-crypto=no
/ip tftp settings
set max-block-size=4096
/ip traffic-flow
set active-flow-timeout=30m cache-entries=32k enabled=no inactive-flow-timeout=15s interfaces=all packet-sampling=no sampling-interval=0 sampling-space=0
/ip traffic-flow ipfix
set bytes=yes dst-address=yes dst-address-mask=yes dst-mac-address=yes dst-port=yes first-forwarded=yes gateway=yes icmp-code=yes icmp-type=yes igmp-type=yes \
in-interface=yes ip-header-length=yes ip-total-length=yes ipv6-flow-label=yes is-multicast=yes last-forwarded=yes nat-dst-address=yes nat-dst-port=yes \
nat-events=no nat-src-address=yes nat-src-port=yes out-interface=yes packets=yes protocol=yes src-address=yes src-address-mask=yes src-mac-address=yes \
src-port=yes sys-init-time=yes tcp-ack-num=yes tcp-flags=yes tcp-seq-num=yes tcp-window-size=yes tos=yes ttl=yes udp-length=yes
/ip upnp
set allow-disable-external-interface=no enabled=no show-dummy-rule=yes
/ipv6 nd
set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes disabled=no hop-limit=unspecified interface=all managed-address-configuration=no mtu=\
unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m ra-preference=medium reachable-time=unspecified retransmit-interval=\
unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/mpls settings
set allow-fast-path=yes dynamic-label-range=16-1048575 propagate-ttl=yes
/ppp aaa
set accounting=yes enable-ipv6-accounting=no interim-update=0s use-circuit-id-in-nas-port-id=no use-radius=no
/radius incoming
set accept=no port=3799 vrf=main
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing settings
set single-process=no
/snmp
set contact="" enabled=no engine-id-suffix="" location="" src-address=:: trap-community=public trap-generators=temp-exception trap-target="" trap-version=1 \
vrf=main
/system clock
set time-zone-autodetect=yes time-zone-name=Europe/Vienna
/system clock manual
set dst-delta=+00:00 dst-end="1970-01-01 00:00:00" dst-start="1970-01-01 00:00:00" time-zone=+00:00
/system identity
set name=R403.CAP:UG.KELLER
/system leds settings
set all-leds-off=never
/system logging
# Every rule writes to the memory action (1000 lines per /system logging action)
# or to the console echo. Nothing is sent to the disk or remote actions, and the
# remote action still points at 0.0.0.0. Memory logs do not survive a reboot,
# so login failures and configuration changes leave no durable trail.
# For detection and incident response, add a rule with action=remote towards a
# syslog collector.
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-cli-login=no show-at-login=no
/system ntp client
set enabled=no mode=unicast servers="" vrf=main
/system ntp server
set auth-key=none broadcast=no broadcast-addresses="" enabled=no local-clock-stratum=5 manycast=no multicast=no use-local-clock=no vrf=main
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
set 4 cpu=auto
set 5 cpu=auto
set 6 cpu=auto
/system resource irq rps
set ether1 disabled=yes
set ether2 disabled=yes
/system resource usb settings
set authorization=no
/system routerboard reset-button
set enabled=no hold-time=0s..1m on-event=""
/system routerboard settings
set auto-upgrade=yes boot-device=nand-if-fail-then-ethernet boot-protocol=bootp force-backup-booter=no preboot-etherboot=disabled preboot-etherboot-server=any \
protected-routerboot=disabled reformat-hold-button=20s reformat-hold-button-max=10m silent-boot=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes ping-start-after-boot=5m ping-timeout=1m watch-address=none watchdog-timer=yes
/tool bandwidth-server
# The bandwidth-test server is enabled. authenticate=yes means a RouterOS user
# login is required, so this is one more credential-guessing surface.
# Set enabled=no when bandwidth tests are not in regular use.
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=100
/tool e-mail
set from=<> port=25 server=0.0.0.0 tls=no user="" vrf=main
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
# MAC-Telnet is accepted on every interface (allowed-interface-list=all).
# On this CAP that includes the bridged wifi interfaces, so wireless clients
# share an L2 path to the login prompt. MAC-layer management is not subject to
# /ip firewall filter rules.
# Hardening: restrict this to a dedicated management interface list, or "none".
set allowed-interface-list=all
/tool mac-server mac-winbox
# Same exposure for MAC-WinBox: reachable from all interfaces.
set allowed-interface-list=all
/tool mac-server ping
# MAC ping replies are enabled, which lets L2 neighbours confirm the device is present.
set enabled=yes
/tool romon
set enabled=no id=00:00:00:00:00:00
/tool romon port
set [ find default=yes ] cost=100 disabled=no forbid=no interface=all
/tool sms
set allowed-number="" channel=0 polling=no port=none receive-enabled=no sms-storage=sim
/tool sniffer
set file-limit=1000KiB file-name="" filter-cpu="" filter-direction=any filter-dst-ip-address="" filter-dst-ipv6-address="" filter-dst-mac-address="" \
filter-dst-port="" filter-interface="" filter-ip-address="" filter-ip-protocol="" filter-ipv6-address="" filter-mac-address="" filter-mac-protocol="" \
filter-operator-between-entries=or filter-port="" filter-size="" filter-src-ip-address="" filter-src-ipv6-address="" filter-src-mac-address="" \
filter-src-port="" filter-stream=no filter-vlan="" memory-limit=100KiB memory-scroll=yes only-headers=no quick-rows=20 quick-show-frame=no \
streaming-enabled=no streaming-server=0.0.0.0:37008
/tool traffic-generator
set latency-distribution-max=100us measure-out-of-order=no stats-samples-to-keep=100 test-id=0
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s use-radius=no
/user settings
# No password policy is enforced: zero minimum length and zero required
# character categories. Combined with telnet/ftp/www/api being enabled in
# /ip service on this device, weak local passwords are directly reachable.
# Hardening: raise minimum-password-length and minimum-categories.
set minimum-categories=0 minimum-password-length=0
CAPSMAN:
# model = CRS328-24P-4S+
# serial number = HD508BTMHMH
/interface bridge
add admin-mac=18:FD:74:A8:66:F9 auto-mac=no comment=defconf name=BRIDGE1 port-cost-mode=short protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] name=ether01 poe-out=off
set [ find default-name=ether2 ] name=ether02
set [ find default-name=ether3 ] name=ether03
set [ find default-name=ether4 ] name=ether04
set [ find default-name=ether5 ] name=ether05
set [ find default-name=ether6 ] name=ether06
set [ find default-name=ether7 ] name=ether07
set [ find default-name=ether8 ] name=ether08
set [ find default-name=ether9 ] name=ether09
set [ find default-name=ether24 ] advertise=1G-baseT-half,1G-baseT-full poe-out=off
/interface vlan
# All three VLAN interfaces use vlan-id=1, although the names suggest three
# separate networks (intern, Heimautomatisierung, gast). The tag therefore does
# not separate guest or home-automation traffic from the internal network.
# ether01 and ether17 are also added as ports of BRIDGE1 further down in this
# export; a VLAN interface on a bridge port is a known source of unpredictable
# behaviour in RouterOS.
# NOTE(review): the bridge line shows no vlan-filtering setting, so it is
# presumably off. Confirm, and give each segment its own VLAN ID if isolation
# is intended.
add interface=BRIDGE1 name=VLAN1-R403-intern vlan-id=1
add interface=ether01 name=VLAN2-R403-Heimautomatisierung vlan-id=1
add interface=ether17 name=gast vlan-id=1
/interface bonding
add name=Bond-MacPro slaves=ether07,ether08
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wifi channel
add disabled=no frequency=2412,2437,2462 name=channel-2G width=20mhz
add disabled=no frequency=5180,5220,5745,5785 name=channel-5G width=20/40mhz-Ce
/interface wifi datapath
add bridge=BRIDGE1 disabled=no name=datapath1
/interface wifi security
# Three WPA2-PSK profiles. Passphrases do not appear in the export, which is
# expected because exports hide sensitive values by default.
# Under /interface wifi, every master interface that uses config-clients-2G/5G
# (and so security-clients) is flagged "must specify passphrase for PSK",
# while the IoT and AC virtual interfaces are not. That suggests
# security-clients has no passphrase set. Confirm on the device.
# NOTE(review): authentication is limited to wpa2-psk. Where the clients
# support it, adding wpa3-psk is the usual hardening step.
add authentication-types=wpa2-psk disabled=no name=security-clients
add authentication-types=wpa2-psk disabled=no name=security-IoT
add authentication-types=wpa2-psk disabled=no name=security-AC
/interface wifi configuration
add channel=channel-5G country="United States" disabled=no mode=ap name=config-clients-5G security=security-clients ssid=R403
add channel=channel-2G country="United States" disabled=no mode=ap name=config-clients-2G security=security-clients ssid=R403
add channel=channel-2G country="United States" disabled=no mode=ap name=config-IoT-2G security=security-IoT ssid=R403IoT
add channel=channel-2G country="United States" disabled=no mode=ap name=config-AC-2G security=security-AC ssid=R403AC
/interface wifi
# must specify passphrase for PSK
add configuration=config-clients-2G disabled=no name=cap-wifi1 radio-mac=D4:01:C3:04:F4:01
add configuration=config-IoT-2G disabled=no mac-address=D6:01:C3:04:F4:01 master-interface=cap-wifi1 name=cap-wifi1-virtual1
add configuration=config-AC-2G disabled=no mac-address=D6:01:C3:04:F4:02 master-interface=cap-wifi1 name=cap-wifi1-virtual2
# must specify passphrase for PSK
add configuration=config-clients-5G disabled=no name=cap-wifi2 radio-mac=D4:01:C3:04:F4:02
# must specify passphrase for PSK
add configuration=config-clients-5G disabled=no name=cap-wifi3 radio-mac=D4:01:C3:97:B1:06
# must specify passphrase for PSK
add configuration=config-clients-5G disabled=no name=cap-wifi4 radio-mac=D4:01:C3:94:99:A1
# must specify passphrase for PSK
add configuration=config-clients-2G disabled=no name=cap-wifi5 radio-mac=D4:01:C3:94:99:A2
add configuration=config-IoT-2G disabled=no mac-address=D6:01:C3:94:99:A2 master-interface=cap-wifi5 name=cap-wifi5-virtual1
add configuration=config-AC-2G disabled=no mac-address=D6:01:C3:94:99:A3 master-interface=cap-wifi5 name=cap-wifi5-virtual2
# must specify passphrase for PSK
add configuration=config-clients-5G disabled=no name=cap-wifi6 radio-mac=C4:AD:34:58:8A:AD
# must specify passphrase for PSK
add configuration=config-clients-2G disabled=no name=cap-wifi7 radio-mac=D4:01:C3:97:B1:07
add configuration=config-IoT-2G disabled=no mac-address=D6:01:C3:97:B1:07 master-interface=cap-wifi7 name=cap-wifi7-virtual1
add configuration=config-AC-2G disabled=no mac-address=D6:01:C3:97:B1:08 master-interface=cap-wifi7 name=cap-wifi7-virtual2
# must specify passphrase for PSK
add configuration=config-clients-2G disabled=no name=cap-wifi8 radio-mac=C4:AD:34:58:8A:AC
add configuration=config-IoT-2G disabled=no mac-address=C6:AD:34:58:8A:AC master-interface=cap-wifi8 name=cap-wifi8-virtual1
add configuration=config-AC-2G disabled=no mac-address=C6:AD:34:58:8A:AD master-interface=cap-wifi8 name=cap-wifi8-virtual2
/ip ipsec policy group
add name=group1
/ip ipsec profile
# Phase-1 (IKE) profiles. Weak points visible here:
#  - default: DH group modp1024 and 3DES are still offered.
#  - Private-S2S-VPNs (used by peer G21 below): DH group modp1024 only.
#  - IPsec-Profile-comp (used by peer comp): modp1536.
# 1024-bit MODP groups and 3DES are legacy; modp2048 or stronger is the usual floor.
# NOTE(review): hash-algorithm is not shown for the two added profiles, so they
# presumably use the RouterOS default. Confirm it is not SHA-1.
set [ find default=yes ] dh-group=modp1024 dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=aes-256,3des hash-algorithm=sha256
add dh-group=modp1536 dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=aes-256,aes-192,aes-128 name=IPsec-Profile-comp
add dh-group=modp1024 dpd-interval=30s dpd-maximum-failures=3 enc-algorithm=aes-256,aes-192,aes-128 name=Private-S2S-VPNs
/ip ipsec peer
add address=hff0915c2k1.sn.mynetname.net name=G21 profile=Private-S2S-VPNs
add address=*****/32 name=comp profile=IPsec-Profile-comp
/ip ipsec proposal
# Phase-2 proposals. proposal-comp still accepts MD5 and SHA-1 for integrity and
# 3DES for encryption, so the remote side can negotiate down to them.
# Remove md5 and 3des unless the peer cannot do better.
# proposal-R403 is tighter (SHA-256 preferred, AES-CBC only) but keeps sha1 as a fallback.
# Both use PFS over modp1536.
add auth-algorithms=sha1,md5 enc-algorithms=aes-256-cbc,aes-256-gcm,aes-192-cbc,aes-192-ctr,aes-128-cbc,3des name=proposal-comp pfs-group=modp1536
add auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-192-cbc name=proposal-R403 pfs-group=modp1536
/ip pool
add name=VLAN0-DHCP ranges=10.43.210.101-10.43.210.200
/ip dhcp-server
add add-arp=yes address-pool=VLAN0-DHCP authoritative=no interface=BRIDGE1 lease-time=23h name=DHCP-INTERN
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/ip smb
set domain=R403
/interface bridge port
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether01 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether02 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether03 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether04 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether05 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether06 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether09 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether10 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether11 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether12 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether13 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether14 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether15 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether19 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether20 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether21 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether22 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 comment=defconf ingress-filtering=no interface=ether23 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 ingress-filtering=no interface=sfp-sfpplus1 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 ingress-filtering=no interface=ether16 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 ingress-filtering=no interface=ether17 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 ingress-filtering=no interface=ether18 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 interface=sfp-sfpplus4 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 interface=sfp-sfpplus3 internal-path-cost=10 path-cost=10
add bridge=BRIDGE1 interface=Bond-MacPro
add bridge=BRIDGE1 interface=sfp-sfpplus2
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=BRIDGE1 vlan-ids=1
/interface detect-internet
set detect-interface-list=WAN
/interface ethernet switch
set 0 name=SW1-OG
/interface list member
add interface=ether01 list=LAN
add interface=ether02 list=LAN
add interface=ether03 list=LAN
add interface=ether04 list=LAN
add interface=ether05 list=LAN
add interface=ether06 list=LAN
add interface=ether07 list=LAN
add interface=ether08 list=LAN
add interface=ether09 list=LAN
add interface=ether10 list=LAN
add interface=ether11 list=LAN
add interface=ether12 list=LAN
add interface=ether13 list=LAN
add interface=ether14 list=LAN
add interface=ether15 list=LAN
add interface=ether16 list=LAN
add interface=ether17 list=LAN
add interface=ether18 list=LAN
add interface=ether19 list=LAN
add interface=ether20 list=LAN
add interface=ether21 list=LAN
add interface=ether22 list=LAN
add interface=ether23 list=LAN
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=LAN
add interface=sfp-sfpplus3 list=LAN
add interface=sfp-sfpplus4 list=LAN
add interface=BRIDGE1 list=LAN
add interface=ether24 list=WAN
/interface ovpn-server server
# The allowed HMACs are narrowed to sha1 and md5, the two weakest options.
# NOTE(review): "enabled" is not shown, so the server is presumably still
# disabled (this export lists only changed values). Confirm, and if the server
# is ever enabled, switch auth to sha256/sha512 first.
set auth=sha1,md5
/interface wifi capsman
# The manager listens on BRIDGE1 with require-peer-certificate=no, so CAPs are
# not authenticated by certificate.
# NOTE(review): a device with L2 access to BRIDGE1 may therefore be able to
# register as a CAP and be handed the provisioned wifi configuration. Confirm
# whether certificate-based CAP authentication is wanted on this network.
set enabled=yes interfaces=BRIDGE1 package-path="" require-peer-certificate=no upgrade-policy=suggest-same-version
/interface wifi provisioning
add action=create-enabled disabled=no master-configuration=config-clients-5G supported-bands=5ghz-ax
add action=create-enabled disabled=no master-configuration=config-clients-2G slave-configurations=config-IoT-2G,config-AC-2G supported-bands=2ghz-ax
add action=create-enabled disabled=no master-configuration=config-clients-5G supported-bands=5ghz-ac
add action=create-enabled disabled=no master-configuration=config-clients-2G slave-configurations=config-IoT-2G,config-AC-2G supported-bands=2ghz-n
/ip address
add address=10.43.210.254/24 comment=defconf interface=BRIDGE1 network=10.43.210.0
add address=93.83.243.146/30 interface=ether24 network=93.83.243.144
add address=10.43.220.254/24 interface=gast network=10.43.220.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip cloud advanced
set use-local-address=yes
# Static DHCP reservations on server DHCP-INTERN: each entry pins one MAC
# address (and, where given, a DHCP client-id) to a fixed 10.43.210.x address.
# A reservation only controls which address the server hands out. It is not
# access control: a host can still configure an address itself or present a
# different MAC.
# NOTE(review): several entries carry no comment, which makes it harder to tell
# a known device from an unknown one when reading leases or DHCP logs.
/ip dhcp-server lease
add address=10.43.210.188 comment="Jal EG Wirtschaftsraum" mac-address=48:E1:E9:A9:55:DB server=DHCP-INTERN
add address=10.43.210.34 client-id=1:dc:a9:4:88:53:ba comment="MacBook Erik" mac-address=DC:A9:04:88:53:BA server=DHCP-INTERN
add address=10.43.210.181 comment="Jal OG Buero" mac-address=48:E1:E9:A9:59:97 server=DHCP-INTERN
add address=10.43.210.182 comment="Jal OG Schlafzimmer" mac-address=48:E1:E9:A2:4B:90 server=DHCP-INTERN
add address=10.43.210.183 comment="Jal OG Balkon" mac-address=48:E1:E9:A9:6B:99 server=DHCP-INTERN
add address=10.43.210.184 comment="Jal EG Veranda" mac-address=48:E1:E9:A2:4E:F6 server=DHCP-INTERN
add address=10.43.210.185 comment="Jal EG Kueche Sued" mac-address=48:E1:E9:A9:54:76 server=DHCP-INTERN
add address=10.43.210.186 comment="Jal EG Kueche West" mac-address=48:E1:E9:A9:51:6B server=DHCP-INTERN
add address=10.43.210.187 comment="Jal EG Wohnzimmer Nord" mac-address=48:E1:E9:A9:6A:93 server=DHCP-INTERN
add address=10.43.210.189 comment="Jal EG Wohnzimmer West" mac-address=48:E1:E9:A9:60:5B server=DHCP-INTERN
add address=10.43.210.201 comment="SWITCH HP ARUBA2530 48 POE OG" mac-address=A0:1D:48:34:0A:00 server=DHCP-INTERN
add address=10.43.210.35 comment=MacPro6 mac-address=00:3E:E1:BD:F9:55 server=DHCP-INTERN
add address=10.43.210.100 client-id=1:f0:92:1c:e7:4c:90 mac-address=F0:92:1C:E7:4C:90 server=DHCP-INTERN
add address=10.43.210.203 mac-address=48:A9:8A:47:38:14 server=DHCP-INTERN
add address=10.43.210.91 client-id=1:4:79:b7:b0:1a:f1 comment="Wechselrichter Kostal" mac-address=04:79:B7:B0:1A:F1 server=DHCP-INTERN
add address=10.43.210.92 client-id=1:0:d0:93:4d:41:11 mac-address=00:D0:93:4D:41:11 server=DHCP-INTERN
add address=10.43.210.212 client-id=1:d4:1:c3:94:99:9f mac-address=D4:01:C3:94:99:9F server=DHCP-INTERN
add address=10.43.210.214 client-id=1:d4:1:c3:97:b1:4 mac-address=D4:01:C3:97:B1:04 server=DHCP-INTERN
add address=10.43.210.211 client-id=1:c4:ad:34:58:8a:aa mac-address=C4:AD:34:58:8A:AA server=DHCP-INTERN
add address=10.43.210.213 client-id=1:d4:1:c3:4:f3:ff mac-address=D4:01:C3:04:F3:FF server=DHCP-INTERN
add address=10.43.210.3 client-id=1:0:8:9b:c3:cb:93 mac-address=00:08:9B:C3:CB:93 server=DHCP-INTERN
add address=10.43.210.2 client-id=1:0:8:9b:f1:be:ba mac-address=00:08:9B:F1:BE:BA server=DHCP-INTERN
add address=10.43.210.18 mac-address=F0:92:1C:E7:42:0F server=DHCP-INTERN
# Options handed to DHCP clients in 10.43.210.0/24: gateway and NTP server are
# 10.43.210.254, search domain is r403.local.
# The DNS list mixes two local resolvers (10.43.210.1, 10.43.210.11), a public
# resolver (8.8.8.8) and 192.168.121.201, which lies in one of the remote
# networks named in /ip ipsec policy.
# NOTE(review): clients are free to query any listed server, so lookups for
# internal r403.local names can end up at the public resolver, and answers may
# differ per server. Handing out only resolvers that share one view avoids that.
/ip dhcp-server network
add address=10.43.210.0/24 dns-server=10.43.210.1,10.43.210.11,8.8.8.8,192.168.121.201 domain=r403.local gateway=10.43.210.254 ntp-server=10.43.210.254
# The router's own resolver: upstream server 8.8.8.8, cache TTL capped at 1h.
# allow-remote-requests=yes makes the router answer DNS queries sent to it by
# other hosts. Nothing in this section limits who may ask; that is left to the
# input chain in /ip firewall filter.
# NOTE(review): verify that port 53 is not answerable from the WAN side, since
# an open resolver can be abused for amplification.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1h servers=8.8.8.8
# Packet filter. Rules are evaluated top to bottom within each chain and the
# first matching accept/drop ends processing, so the order below is part of the
# policy. Several rules here are shadowed by earlier, broader ones.
/ip firewall filter
# NOTE(review): no in-interface or src-address match, so TCP 4443 and 8291 to
# the router are accepted from every interface, ahead of the final
# "drop all not coming from LAN" rule. 8291 is the default Winbox port; the
# address= limit under /ip service is then the only remaining restriction.
# No service in the visible /ip service section is set to 4443 (www-ssl uses
# 8443) - confirm what 4443 is for. Consider in-interface-list=LAN or a
# src-address-list on this rule.
add action=accept chain=input dst-port=4443,8291 protocol=tcp
# ESP to the router accepted from any interface. This shadows the later
# ether24-only ESP rule, which can never match.
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward protocol=icmp
# The next two rules are disabled and have no effect.
add action=accept chain=forward disabled=yes dst-address=192.168.0.0/16 src-address=10.43.210.0/24
add action=drop chain=forward disabled=yes dst-address=10.43.210.0/24 src-address=192.168.10.0/24
# Both directions between the local LAN and 10.21.0.0/24 (the network of the
# G21 IPsec policy).
add action=accept chain=forward dst-address=10.43.210.0/24 src-address=10.21.0.0/24
add action=accept chain=forward dst-address=10.21.0.0/24 src-address=10.43.210.0/24
# NOTE(review): src-port=443 together with dst-port=443 matches only packets
# whose source port is also 443, which ordinary clients do not use - presumably
# src-port was not intended.
add action=accept chain=forward dst-address=10.43.210.1 dst-port=443 protocol=tcp src-port=443
add action=accept chain=forward dst-address=213.33.98.136 dst-port=53 protocol=udp
# NOTE(review): this is on the input chain but names 10.43.210.2, which the
# DHCP reservations give to a LAN host. Traffic translated by the dst-nat rule
# for port 5000 passes through the forward chain, so this rule presumably never
# matches - verify with the rule counters.
add action=accept chain=input dst-address=10.43.210.2 dst-port=5000 in-interface-list=WAN protocol=tcp
# NOTE(review): no dst-nat rule for port 443 is visible under /ip firewall nat,
# so it is unclear how WAN traffic would arrive addressed to 10.43.210.1.
add action=accept chain=forward dst-address=10.43.210.1 dst-port=443 in-interface-list=WAN protocol=tcp
# NOTE(review): unconditional accept. Every forwarded packet that reaches this
# line is accepted, which (a) makes the specific forward accepts above
# redundant, (b) makes every forward rule below unreachable - including
# fasttrack and "drop invalid" - and (c) leaves no restriction on traffic
# entering from WAN towards the LAN. A safer layout keeps the explicit accepts,
# moves the established/related and invalid rules to the top of the chain, and
# ends the chain with a drop such as the defconf
# "connection-nat-state=!dstnat connection-state=new in-interface-list=WAN".
add action=accept chain=forward
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="defconf: accept in ipsec policy" in-interface=all-ppp ipsec-policy=in,ipsec
# Unreachable while the unconditional forward accept above is in place.
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# Shadowed by the earlier ESP accept that has no interface match.
add action=accept chain=input in-interface=ether24 protocol=ipsec-esp
# IKE (500), L2TP (1701) and NAT-T (4500) on ether24.
# NOTE(review): 1701 is accepted without an ipsec-policy match, so L2TP that is
# not protected by IPsec would be accepted as well if an L2TP server is enabled
# (not visible in this section). Matching ipsec-policy=in,ipsec for 1701 limits
# it to tunnelled traffic.
add action=accept chain=input dst-port=500,1701,4500 in-interface=ether24 protocol=udp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
# NOTE(review): "dstnat" is a NAT chain. In the filter table this creates a
# user-defined chain of that name, and no jump to it is visible in this
# section, so the rule presumably has no effect. If publishing 10.43.210.11:443
# was intended, it needs an action=dst-nat rule under /ip firewall nat.
add action=accept chain=dstnat dst-address=10.43.210.11 dst-port=443 in-interface=ether24 protocol=tcp
# NAT table. In srcnat the two accept rules come before masquerade so that
# traffic from the LAN to the tunnel networks keeps its 10.43.210.0/24 source,
# which is what the IPsec policies match on.
/ip firewall nat
add action=accept chain=srcnat dst-address=10.21.0.0/24 src-address=10.43.210.0/24
# 192.168.0.0/16 is broader than the individual /24 destinations listed under
# /ip ipsec policy; traffic to any other 192.168.x.x network also skips NAT.
add action=accept chain=srcnat dst-address=192.168.0.0/16 src-address=10.43.210.0/24
# Publishes TCP 5000 arriving on WAN interfaces to 10.43.210.2:5000 with no
# source restriction.
# NOTE(review): if the service does not need to be reachable from everywhere,
# add a src-address or src-address-list match, or reach it over the VPN instead.
add action=dst-nat chain=dstnat comment="Forwarding rule" dst-port=5000 in-interface-list=WAN protocol=tcp src-port="" to-addresses=10.43.210.2 to-ports=5000
# All remaining traffic leaving through ether24 is masqueraded.
add action=masquerade chain=srcnat out-interface=ether24
# IPsec identities for the peers G21 and comp.
# No auth-method, secret or certificate appears on these lines.
# NOTE(review): presumably the export was taken without sensitive values;
# confirm on the device which authentication method each identity uses and, if
# it is a pre-shared key, that the key is long and unique per peer.
/ip ipsec identity
add peer=G21
# mode-config=request-only: this side asks the peer for its configuration.
add comment=** mode-config=request-only peer=comp
# Tunnel-mode IPsec policies: traffic from 10.43.210.0/24 to each listed remote
# network is protected and sent to the named peer (comp or G21).
/ip ipsec policy
# Entry 0 already exists on the device; it is disabled here.
# NOTE(review): presumably this is the default policy template - confirm.
set 0 disabled=yes proposal=proposal-comp
# The comp policies use level=unique; the G21 policy sets no level.
add dst-address=192.168.10.0/24 level=unique peer=comp proposal=proposal-comp src-address=10.43.210.0/24 tunnel=yes
add dst-address=192.168.121.0/24 level=unique peer=comp proposal=proposal-comp src-address=10.43.210.0/24 tunnel=yes
add dst-address=192.168.122.0/24 level=unique peer=comp proposal=proposal-comp src-address=10.43.210.0/24 tunnel=yes
add dst-address=192.168.70.0/24 level=unique peer=comp proposal=proposal-comp src-address=10.43.210.0/24 tunnel=yes
add dst-address=10.21.0.0/24 peer=G21 proposal=proposal-R403 src-address=10.43.210.0/24 tunnel=yes
add dst-address=192.168.50.0/24 level=unique peer=comp proposal=proposal-comp src-address=10.43.210.0/24 tunnel=yes
# Web proxy cache size only; whether the proxy is enabled is not shown here.
# NOTE(review): if it is enabled, make sure it cannot be reached from the WAN
# side, where it would act as an open proxy.
/ip proxy
set max-cache-size=100000KiB
# Default route via 93.83.243.145; check-gateway=ping marks the route inactive
# when the gateway stops answering pings.
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=93.83.243.145 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# Management services on the router. telnet and ftp are switched off; www,
# ssh, www-ssl (port 8443, certificate cert1) and winbox accept connections
# only from sources in 10.0.0.0/8.
# NOTE(review): 10.0.0.0/8 is much wider than the local 10.43.210.0/24 and also
# contains the remote 10.21.0.0/24 tunnel network. Narrowing address= to the
# hosts or subnet that actually administer the device reduces exposure.
# NOTE(review): www is unencrypted HTTP, so logins over it cross the network in
# clear text. With www-ssl available, consider disabling www.
# NOTE(review): api and api-ssl do not appear here. If this is a compact
# export, that means they are unchanged from their defaults - check whether
# they are enabled and restrict or disable them as well.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=10.0.0.0/8
set ssh address=10.0.0.0/8
set www-ssl address=10.0.0.0/8 certificate=cert1 disabled=no port=8443
set winbox address=10.0.0.0/8
# Directory of the default SMB share. Whether the SMB service is enabled is not
# visible in this section.
# NOTE(review): if file sharing from the router is not needed, keep SMB off.
/ip smb shares
set [ find default=yes ] directory=/flash/pub
# BFD enabled with interfaces=all, i.e. not limited to particular links.
# NOTE(review): presumably only the interfaces facing a routing peer need BFD.
# Listing those explicitly keeps it off the WAN-facing port.
/routing bfd configuration
add disabled=no interfaces=all min-rx=200us min-tx=200us multiplier=5
# Basic system settings: time zone, device name, an extra logging rule and the
# login note.
/system clock
set time-zone-name=Europe/Vienna
/system identity
set name=SW.OG.1
# Extra logging rule for DHCP debug messages. No action is given on this line.
# NOTE(review): presumably it logs to the default in-memory buffer, which is
# lost on reboot. If these logs matter for investigations, send them to a
# remote syslog target. DHCP debug output includes client MAC addresses.
/system logging
add topics=debug,dhcp
/system note
set show-at-login=no
# Time synchronisation: the router is an NTP client of 178.189.127.148 and also
# runs an NTP server (the DHCP network section hands out 10.43.210.254 as the
# NTP server for clients).
# NOTE(review): a single upstream source gives no cross-check if that server is
# wrong or unreachable. Log timestamps and certificate validation both depend
# on correct time, so consider adding further servers.
# NOTE(review): the NTP server has no restriction of its own; reachability from
# the WAN side depends on the input chain in /ip firewall filter.
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes
/system ntp client servers
add address=178.189.127.148
# Update policy: RouterOS packages follow the "testing" channel, and
# RouterBOARD firmware is upgraded automatically (auto-upgrade=yes).
# NOTE(review): this device does NAT, IPsec and packet filtering at the network
# edge. Testing builds are pre-release software, so for a perimeter device
# consider the stable channel and upgrades applied in a planned window after
# reading the changelog.
/system package update
set channel=testing
/system routerboard settings
set auto-upgrade=yes
/tool graphing interface
add