Audience 1
# aug/25/2021 14:26:08 by RouterOS 6.48.4
# software id = GZ05-6SV0
#
# model = RBD25G-5HPacQD2HPnD
# serial number = D5860CE8C249
/interface bridge
add admin-mac=48:8F:5A:CB:CB:03 auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add add-default-route=yes allow=chap disabled=no interface=ether1 name=\
pppoe-out2 use-peer-dns=yes user=xxxxxxxxxxxxxx
/interface wireless
# managed by CAPsMAN
# channel: 2447/20-Ce/gn(16dBm), SSID: Lyndale2, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik station-roaming=\
enabled
# managed by CAPsMAN
# channel: 5240/20-eeeC/ac/P(15dBm), SSID: Lyndale5, local forwarding
set [ find default-name=wlan2 ] disabled=no ssid=MikroTik station-roaming=\
enabled
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm \
group-encryption=aes-ccm name=security
/caps-man configuration
add channel.band=2ghz-b/g/n channel.control-channel-width=20mhz \
channel.extension-channel=XX comment=defconf country="united kingdom" \
datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes \
distance=indoors installation=indoor name=cfg-2ghz security=security \
ssid=Lyndale2
add channel.band=5ghz-onlyac channel.control-channel-width=20mhz \
channel.extension-channel=XXXX comment=defconf country="united kingdom" \
datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes \
distance=indoors installation=indoor name=cfg-5ghz-ac security=security \
ssid=Lyndale5
add channel.band=5ghz-onlyac channel.control-channel-width=20mhz \
channel.extension-channel=XX comment=defconf country=no_country_set \
datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes \
distance=indoors installation=indoor name=cfg-5ghz-an security=security \
ssid=Lyndale5
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk comment=defconf disable-pmkid=yes \
eap-methods="" mode=dynamic-keys name=wpsSync supplicant-identity=\
MikroTik
/interface wireless
set [ find default-name=wlan3 ] band=5ghz-onlyac channel-width=\
20/40/80/160mhz-XXXXXXXX country=no_country_set disabled=no distance=\
indoors frequency=5560 frequency-mode=superchannel mode=station-bridge \
security-profile=wpsSync ssid=SYNC-CBCB06
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.150
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=1d name=defconf
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add comment=defconf disabled=no interface=bridge
/caps-man provisioning
add action=create-dynamic-enabled comment=defconf hw-supported-modes=gn \
master-configuration=cfg-2ghz name-format=prefix-identity name-prefix=\
2ghz
add action=create-dynamic-enabled comment=defconf hw-supported-modes=ac \
master-configuration=cfg-5ghz-ac name-format=prefix-identity name-prefix=\
5ghz-ac
add action=create-dynamic-enabled comment=defconf hw-supported-modes=an \
master-configuration=cfg-5ghz-an name-format=prefix-identity name-prefix=\
5ghz-an
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge comment=defconf interface=wlan3
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out2 list=WAN
/interface wireless access-list
add interface=wlan3 mac-address=48:8F:5A:CB:C5:4A vlan-mode=no-tag
/interface wireless cap
#
set caps-man-addresses=127.0.0.1 enabled=yes interfaces=wlan1,wlan2
/interface wireless connect-list
add allow-signal-out-of-range=5m interface=wlan3 mac-address=\
48:8F:5A:CB:C5:4A security-profile=wpsSync
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=\
192.168.1.0
add address=192.168.5.1/24 interface=bridge network=192.168.5.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.253 gateway=\
192.168.1.1
/ip dns
set allow-remote-requests=yes servers=192.168.1.253
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="OpenVPN 443 TCP" dst-port=443 \
in-interface=pppoe-out2 protocol=tcp to-addresses=192.168.5.2 to-ports=\
443
add action=dst-nat chain=dstnat comment="OpenVPN 443 UDP" dst-port=443 \
in-interface=pppoe-out2 protocol=udp to-addresses=192.168.5.2 to-ports=\
443
add action=dst-nat chain=dstnat comment="OpenVPN 1194 TCP" dst-port=1194 \
in-interface=pppoe-out2 protocol=tcp to-addresses=192.168.5.2 to-ports=\
1194
add action=dst-nat chain=dstnat comment="OpenVPN 1194 UDP" dst-port=1194 \
in-interface=pppoe-out2 protocol=udp to-addresses=192.168.5.2 to-ports=\
1194
/system clock
set time-zone-name=Europe/London
/system identity
set name=Lyndale1
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Audience 2
# aug/25/2021 14:29:21 by RouterOS 6.48.4
# software id = GK7T-MEWU
#
# model = RBD25G-5HPacQD2HPnD
# serial number = D5860CF48011
/interface bridge
add admin-mac=48:8F:5A:CB:C5:46 auto-mac=no comment=defconf name=bridgeLocal
/interface wireless
# managed by CAPsMAN
# channel: 2447/20-eC/gn(16dBm), SSID: Lyndale2, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik station-roaming=\
enabled
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac/P(15dBm), SSID: Lyndale5, local forwarding
set [ find default-name=wlan2 ] disabled=no ssid=MikroTik station-roaming=\
enabled
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=wps_sync supplicant-identity=""
/interface wireless
set [ find default-name=wlan3 ] adaptive-noise-immunity=ap-and-client-mode \
band=5ghz-onlyac channel-width=20/40/80/160mhz-XXXXXXXX country=\
no_country_set default-authentication=no default-forwarding=no disabled=\
no distance=indoors frequency=5560 frequency-mode=superchannel mode=\
ap-bridge nv2-downlink-ratio=60 security-profile=wps_sync ssid=\
SYNC-CBCB06 station-roaming=enabled tdma-period-size=3
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=wlan1
add bridge=bridgeLocal comment=defconf interface=wlan2
add bridge=bridgeLocal comment=defconf interface=wlan3
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=wlan2 list=LAN
add interface=wlan3 list=LAN
add interface=wlan1 list=LAN
/interface wireless access-list
add allow-signal-out-of-range=5m interface=wlan3 mac-address=\
48:8F:5A:CB:CB:06 vlan-mode=no-tag
add allow-signal-out-of-range=5m interface=wlan3 mac-address=\
48:8F:5A:CB:C8:45 vlan-mode=no-tag
/interface wireless cap
#
set discovery-interfaces=bridgeLocal enabled=yes interfaces=wlan1,wlan2
/ip address
add address=192.168.1.2/24 interface=ether2 network=192.168.1.0
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/ip dns
set servers=8.8.8.8
/ip route
add distance=1 gateway=192.168.1.1
/system clock
set time-zone-name=Europe/London
/system identity
set name=Lyndale2
Audience 3
# aug/25/2021 14:30:12 by RouterOS 6.48.4
# software id = U29V-Z5VB
#
# model = RBD25G-5HPacQD2HPnD
# serial number = D5860C633487
/interface bridge
add admin-mac=48:8F:5A:CB:C8:41 auto-mac=no comment=defconf name=bridgeLocal
/interface wireless
# managed by CAPsMAN
# channel: 2452/20-Ce/gn(16dBm), SSID: Lyndale2, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik station-roaming=\
enabled
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac/P(15dBm), SSID: Lyndale5, local forwarding
set [ find default-name=wlan2 ] disabled=no ssid=MikroTik station-roaming=\
enabled
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
wlan3-SYNC-CBCB06-repeater supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan3 ] band=5ghz-onlyac channel-width=\
20/40/80/160mhz-XXXXXXXX country=no_country_set disabled=no distance=\
indoors frequency=5560 frequency-mode=superchannel mode=station-bridge \
security-profile=wlan3-SYNC-CBCB06-repeater ssid=SYNC-CBCB06
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=wlan1
add bridge=bridgeLocal comment=defconf interface=wlan2
add bridge=bridgeLocal comment=defconf interface=wlan3
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=wlan2 list=LAN
add interface=wlan3 list=LAN
add interface=wlan1 list=LAN
/interface wireless cap
#
set caps-man-addresses=192.168.1.1 discovery-interfaces=bridgeLocal enabled=\
yes interfaces=wlan1,wlan2
/interface wireless connect-list
add allow-signal-out-of-range=5m interface=wlan3 mac-address=\
48:8F:5A:CB:C5:4A security-profile=wlan3-SYNC-CBCB06-repeater
/ip address
add address=192.168.1.3/24 interface=ether2 network=192.168.1.0
/ip dns
set servers=8.8.8.8
/ip route
add distance=1 gateway=192.168.1.1
/system clock
set time-zone-name=Europe/London
/system identity
set name=Lyndale3
