I need help with a small configuration problem; I'm having trouble finding the best way to do it.
I have a mixed bridge/switch vlan using a RB2011-UiAS-2HnD.
I created a bridge and in that bridge I created my VLANs, placed ether2, 3, 4, 5 and sfp1 on the bridge with hardware offloading enabled, and configured my switch menu settings. All was fine until I needed to create an EoIP tunnel and bridge it with my VLAN 99.
How can I keep hardware offload and VLANs in this scenario?
This is my config export. It is working, but I know it's wrong; it was the only way I could think of.
Thanks!
# sep/25/2019 13:23:24 by RouterOS 6.44.5
# software id = FDR3-JLQH
#
# model = 2011UiAS-2HnD
# serial number = 576304AF5E44
# NOTE(review): this export is posted with device identifiers intact (software
# id, serial number, MAC addresses, PPP/PPPoE user names, the SNMP community
# name and a cloud DDNS name further down). Redact those before sharing a
# configuration publicly.
#
# CAPsMAN master configuration (SSID "Emerson", local forwarding on the CAP).
# NOTE(review): authentication-types allows legacy WPA (wpa-psk) next to WPA2;
# keep wpa2-psk only unless an old client really needs WPA. No passphrase or
# encryption= value is visible here - presumably hidden by the export; confirm.
/caps-man configuration
add country=brazil datapath.local-forwarding=yes name=CAPS_1 \
security.authentication-types=wpa-psk,wpa2-psk ssid=Emerson
/interface bridge
add admin-mac=4C:5E:0C:97:DD:54 auto-mac=no fast-forward=no name=\
"01 - Unsafe" priority=0x1000
add name="90 - CW - RW"
/interface ethernet
set [ find default-name=ether1 ] l2mtu=4074 mac-address=4C:5E:0C:97:DD:53 \
rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether2 ] l2mtu=4074 mac-address=4C:5E:0C:97:DD:54 \
rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether3 ] l2mtu=4074 mac-address=4C:5E:0C:97:DD:55 \
rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether4 ] l2mtu=4074 mac-address=4C:5E:0C:97:DD:56 \
rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether5 ] l2mtu=4074 mac-address=4C:5E:0C:97:DD:57 \
rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full l2mtu=2028 \
rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full l2mtu=2028 \
rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full l2mtu=2028 \
rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full l2mtu=2028 \
rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full l2mtu=2028 \
rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp1 ] l2mtu=4074 mac-address=4C:5E:0C:97:DD:58 \
rx-flow-control=auto speed=100Mbps tx-flow-control=auto
/interface pppoe-client
add add-default-route=yes default-route-distance=0 disabled=no interface=\
ether1 keepalive-timeout=60 name=Vivo user=cliente@cliente
# EoIP tunnel "20-Escritorio_EoIP"; it is later added to bridge "90 - CW - RW"
# together with the VLAN 99 interface.
# NOTE(review): both endpoints are PPP tunnel addresses (172.16.100.1 is the
# VPN profile's local-address, 172.16.100.14 the remote-address of the
# "connectway" PPP secret), so the tunnel appears to ride inside the VPN
# session. EoIP adds no encryption or authentication of its own; its
# protection is whatever the PPP service in use provides (L2TP with IPsec vs.
# PPTP) - confirm which service the peer actually connects with.
/interface eoip
add local-address=172.16.100.1 mac-address=00:00:5E:FF:FF:91 mtu=1500 name=\
20-Escritorio_EoIP remote-address=172.16.100.14 tunnel-id=10090
/interface vlan
add interface="01 - Unsafe" name="10 - Dados" vlan-id=10
add interface="01 - Unsafe" name="20 - CFTV" vlan-id=20
add interface="01 - Unsafe" name="30 - Voice" vlan-id=30
add interface="01 - Unsafe" name="40 - Guest" vlan-id=40
add interface="01 - Unsafe" name="99 - MGMT" vlan-id=99
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=1 vlan-mode=secure
set 2 default-vlan-id=1 vlan-mode=secure
set 3 default-vlan-id=1 vlan-mode=secure
set 4 default-vlan-id=1 vlan-mode=secure
set 5 default-vlan-id=1 vlan-mode=secure
set 11 default-vlan-id=1 vlan-mode=secure
/interface list
add name=Internet
add name=LAN
add name=Wan
# Local wireless security profile "casa" and the wlan1 radio settings.
# NOTE(review): like the CAPsMAN configuration, profile "casa" accepts legacy
# WPA (wpa-psk) in addition to WPA2, and management-protection=allowed makes
# protected management frames optional rather than mandatory. The export notes
# that wlan1 is managed by CAPsMAN, so this local profile presumably only
# applies if the radio falls back to local control - confirm.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=casa \
supplicant-identity=""
/interface wireless
# managed by CAPsMAN
# channel: 2452/20-Ce/gn(28dBm), SSID: Emerson, local forwarding
set [ find default-name=wlan1 ] antenna-gain=2 band=2ghz-b/g/n channel-width=\
20/40mhz-Ce disabled=no distance=indoors l2mtu=2028 mode=ap-bridge \
security-profile=casa ssid=Emerson wireless-protocol=802.11 wmm-support=\
enabled
/ip pool
add name="01 - Unsafe" ranges=192.168.100.100-192.168.100.254
add name=VPN ranges=172.16.100.2-172.16.100.14
add name="99 - MGMT" ranges=10.0.0.100-10.0.0.200
add name="10 - Dados" ranges=192.168.10.100-192.168.10.200
add name="20 - CFTV" ranges=192.168.20.100-192.168.20.200
add name="30 - Voice" ranges=192.168.30.100-192.168.30.200
add name="40 - Guest" ranges=172.16.40.2-172.16.40.200
/ip dhcp-server
add add-arp=yes address-pool="01 - Unsafe" authoritative=after-2sec-delay \
bootp-lease-time=lease-time bootp-support=dynamic disabled=no interface=\
"01 - Unsafe" lease-time=1h name="1 - Unsafe"
add add-arp=yes address-pool="99 - MGMT" bootp-lease-time=lease-time \
bootp-support=dynamic disabled=no interface="90 - CW - RW" lease-time=1h \
name="99 - MGMT"
add add-arp=yes address-pool="10 - Dados" bootp-lease-time=lease-time \
bootp-support=dynamic disabled=no interface="10 - Dados" lease-time=1h \
name="10 - Dados"
add add-arp=yes address-pool="20 - CFTV" bootp-lease-time=lease-time \
bootp-support=dynamic disabled=no interface="20 - CFTV" lease-time=1h \
name="20 - CFTV"
add add-arp=yes address-pool="30 - Voice" bootp-lease-time=lease-time \
bootp-support=dynamic disabled=no interface="30 - Voice" lease-time=1h \
name="30 - Voice"
add address-pool="40 - Guest" disabled=no interface="40 - Guest" lease-time=\
1h name="40 - Guest"
# PPP profile "VPN": the default profile of both the L2TP and the PPTP server
# below. Clients get 172.16.100.1 as the router side and an address from pool
# "VPN" unless the secret sets its own remote-address.
# NOTE(review): use-encryption=yes turns PPP encryption on; whether it also
# refuses a peer that does not negotiate encryption should be checked - the
# profile has a stricter "require encryption" setting for that.
/ppp profile
add change-tcp-mss=yes local-address=172.16.100.1 name=VPN remote-address=VPN \
use-encryption=yes
# Default SNMP community renamed to "connectway" and limited to 10.0.0.0/24.
# NOTE(review): SNMP v1/v2c community strings are sent in clear text and this
# one is now public through the post; change it, and prefer SNMPv3 with
# authentication and privacy if the monitoring system supports it.
/snmp community
set [ find default=yes ] addresses=10.0.0.0/24 name=connectway
# Remote logging target (10.0.0.100, port 10514), sourced from 10.0.0.1.
# NOTE(review): this is plain remote syslog, so log content is readable by
# anything on the path - here the management subnet, which is also bridged to
# the EoIP tunnel.
/system logging action
add name=GrayLOG remote=10.0.0.100 remote-port=10514 src-address=10.0.0.1 \
target=remote
# Enables the CAPsMAN manager on this router.
# NOTE(review): no certificate settings are visible here, so CAPs are
# presumably accepted without mutual certificate checks (the manager has a
# require-peer-certificate option for that) - confirm.
/caps-man manager
set enabled=yes
# Interfaces the manager listens on: allowed on bridge "01 - Unsafe",
# explicitly forbidden on the PPPoE uplink "Vivo".
# NOTE(review): the third entry names no interface - presumably the catch-all
# entry; confirm it does not re-open CAPsMAN on interfaces you did not intend.
/caps-man manager interface
add disabled=no interface="01 - Unsafe"
add disabled=no forbid=yes interface=Vivo
add disabled=no
# Provisioning: every CAP radio that connects gets a dynamic, enabled
# interface using master configuration CAPS_1.
# NOTE(review): the rule has no radio-mac or identity filter, so any CAP that
# can reach the manager on the "01 - Unsafe" segment is provisioned with the
# production SSID settings. Restrict the rule to known radios if that segment
# is not fully trusted.
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=CAPS_1 name-format=\
identity name-prefix=CW
# Bridge membership. All Ethernet ports except ether1, plus wlan1 and sfp1,
# are ports of bridge "01 - Unsafe". Bridge "90 - CW - RW" joins the EoIP
# tunnel with the VLAN interface "99 - MGMT" - the workaround the post asks
# about.
# NOTE(review): putting "99 - MGMT" and the EoIP tunnel in one bridge extends
# the management layer-2 segment to the far end of the tunnel. Every device
# behind the remote endpoint is then on 10.0.0.0/24: it is served by the
# "99 - MGMT" DHCP server and matches the "Winbox" and "99 - MGMT" address
# lists that the input and forward chains accept. Treat the remote site as
# part of the management trust zone, or route between the sites and filter
# instead of bridging.
/interface bridge port
add bridge="01 - Unsafe" interface=ether2
add bridge="01 - Unsafe" interface=ether6
add bridge="01 - Unsafe" interface=wlan1
add bridge="01 - Unsafe" interface=ether3
add bridge="01 - Unsafe" interface=ether4
add bridge="01 - Unsafe" interface=ether5
add bridge="01 - Unsafe" interface=ether7
add bridge="01 - Unsafe" interface=ether8
add bridge="01 - Unsafe" interface=ether9
add bridge="01 - Unsafe" interface=ether10
add bridge="01 - Unsafe" interface=sfp1
add bridge="90 - CW - RW" interface=20-Escritorio_EoIP
add bridge="90 - CW - RW" interface="99 - MGMT"
/interface detect-internet
set detect-interface-list=Internet
# Switch-chip VLAN table for switch1: VLANs 1, 10, 20, 30, 40 and 99 each
# list the same members - ether2-ether5, sfp1 and the CPU port.
# NOTE(review): because every VLAN, including 99 (management) and 40 (guest),
# is a member on every listed port, each of those ports behaves as a trunk for
# all VLANs. If any of them connects end-user devices rather than a managed
# switch, limit each VLAN's ports= list to the ports that actually need it so
# the management VLAN is not reachable from access ports.
/interface ethernet switch vlan
add independent-learning=yes ports=\
ether2,ether3,ether4,ether5,sfp1,switch1-cpu switch=switch1 vlan-id=1
add independent-learning=yes ports=\
ether2,ether3,ether4,ether5,sfp1,switch1-cpu switch=switch1 vlan-id=10
add independent-learning=yes ports=\
ether2,ether3,ether4,ether5,sfp1,switch1-cpu switch=switch1 vlan-id=20
add independent-learning=yes ports=\
ether2,ether3,ether4,ether5,sfp1,switch1-cpu switch=switch1 vlan-id=30
add independent-learning=yes ports=\
ether2,ether3,ether4,ether5,sfp1,switch1-cpu switch=switch1 vlan-id=40
add independent-learning=yes ports=\
ether2,ether3,ether4,ether5,sfp1,switch1-cpu switch=switch1 vlan-id=99
# L2TP server, using PPP profile "VPN".
# NOTE(review): authentication still offers MS-CHAPv1 (mschap1), which is
# obsolete - keep mschap2 only. use-ipsec=yes sets up IPsec for clients that
# ask for it but, as far as the option is documented, does not reject plain
# L2TP; use the stricter setting that requires IPsec if every client supports
# it. No ipsec-secret is visible - presumably hidden by the export.
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=VPN enabled=yes use-ipsec=\
yes
# Interface list membership used by firewall matchers.
# NOTE(review): list LAN contains "99 - MGMT", which is a port of bridge
# "90 - CW - RW", while the bridge itself is in no list. RouterOS warns in the
# NAT section of this export that interface matchers do not work on a bridge
# slave, so rules matching in-interface-list=LAN probably do not see
# management traffic - add the bridge to the list instead; confirm.
/interface list member
add interface=Vivo list=Internet
add interface="01 - Unsafe" list=LAN
add interface=sfp1 list=LAN
add interface="10 - Dados" list=LAN
add interface="20 - CFTV" list=LAN
add interface="30 - Voice" list=LAN
add interface="40 - Guest" list=LAN
add interface=ether1 list=Wan
add interface="99 - MGMT" list=LAN
# PPTP server, also using PPP profile "VPN".
# NOTE(review): PPTP's MS-CHAPv2/MPPE protection is regarded as broken. The
# PPP secrets in this export are not tied to one service, so the same accounts
# presumably work over PPTP as well as L2TP. With an L2TP/IPsec server already
# configured, consider disabling PPTP and closing TCP 1723 in the filter.
/interface pptp-server server
set default-profile=VPN enabled=yes
/interface wireless cap
#
set discovery-interfaces="01 - Unsafe" enabled=yes interfaces=wlan1
/ip address
add address=192.168.100.1/24 interface="01 - Unsafe" network=192.168.100.0
add address=10.0.0.1/24 interface="90 - CW - RW" network=10.0.0.0
add address=192.168.10.1/24 interface="10 - Dados" network=192.168.10.0
add address=192.168.20.1/24 interface="20 - CFTV" network=192.168.20.0
add address=192.168.30.1/24 interface="30 - Voice" network=192.168.30.0
add address=172.16.40.1/24 interface="40 - Guest" network=172.16.40.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server lease
add address=192.168.100.2 mac-address=4C:5E:0C:6E:1B:C0 server="1 - Unsafe"
add address=10.0.0.50 mac-address=20:FD:F1:1F:22:06 server="99 - MGMT"
add address=192.168.20.50 comment=NVR mac-address=8C:E7:48:76:99:40 server=\
"20 - CFTV"
add address=10.0.0.20 mac-address=D0:BF:9C:00:E2:87 server="99 - MGMT"
add address=10.0.0.30 mac-address=D0:BF:9C:00:E2:84 server="99 - MGMT"
add address=10.0.0.61 mac-address=B0:BE:76:18:7C:12 server="99 - MGMT"
add address=10.0.0.60 mac-address=00:0C:29:17:02:9F server="99 - MGMT"
add address=192.168.10.10 comment=Dados mac-address=00:0C:29:8A:72:1D server=\
"10 - Dados"
add address=10.0.0.100 mac-address=00:0C:29:F6:BA:CC server="99 - MGMT"
add address=10.0.0.10 mac-address=00:0C:29:00:AA:EB server="99 - MGMT"
add address=10.0.0.62 mac-address=68:FF:7B:1A:46:36 server="99 - MGMT"
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=10.0.0.1 gateway=10.0.0.1
add address=172.16.40.0/24 dns-server=172.16.40.1 gateway=172.16.40.1
add address=192.168.10.0/24 dns-server=192.168.10.10,192.168.10.1 gateway=\
192.168.10.1
add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1
add address=192.168.30.0/24 dns-server=192.168.30.1 gateway=192.168.30.1
add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1
add address=192.168.250.0/24 dns-server=192.168.250.1 gateway=192.168.250.1
# Router DNS: upstream resolvers are Google's IPv4 and IPv6 servers, and
# allow-remote-requests=yes makes the router answer DNS queries itself.
# NOTE(review): with remote requests allowed, only the input chain keeps the
# resolver from being usable from outside. The input rules in this export
# accept by source address list, not by interface, so make sure DNS is only
# reachable from the internal interfaces.
/ip dns
set allow-remote-requests=yes servers=\
8.8.8.8,8.8.4.4,2001:4860:4860::8888,2001:4860:4860::8844
# Static address lists referenced by the filter and NAT rules.
# NOTE(review): the list names do not all match the subnets of the interfaces
# they are named after: list "01 - Unsafe" holds 192.168.250.0/24, while the
# bridge "01 - Unsafe" is addressed 192.168.100.0/24 (that subnet is in list
# "Rede"). Confirm each list contains the subnet the rules using it intend.
# NOTE(review): list "Winbox" is the trust list for router access and for
# most port forwards. Besides 10.0.0.0/24 here, it is extended at run time by
# the add-src-to-address-list rule in chain TCP.
/ip firewall address-list
add address=192.168.100.0/24 list=Rede
add address=172.16.40.0/24 list=40-Guest
add address=127.0.0.1 list=Rede
add address=192.168.30.0/24 list=30-Voice
add address=192.168.10.0/24 list=10-Dados
add address=192.168.20.0/24 list=20-CFTV
add address=192.168.250.0/24 list="01 - Unsafe"
add address=10.0.0.0/24 list=Winbox
add address=10.0.0.0/24 list="99 - MGMT"
# IPv4 filter. Rule order is significant; only comments are added here.
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add action=accept chain=input comment="Firewall Input" connection-state=\
established,related,untracked
add action=drop chain=input connection-state=invalid
# NOTE(review): the accepts below match on source address list only, with no
# in-interface or in-interface-list condition, and they accept every protocol
# and port. The router therefore trusts the claimed source address rather
# than the port a packet arrived on. Adding an interface condition, and
# limiting each list to the services it needs, would tighten this.
add action=accept chain=input src-address-list=Rede
# Sources in list "Winbox" get full access to the router, not only port 8291.
add action=accept chain=input src-address-list=Winbox
add action=accept chain=input comment=ConnectWAY src-address-list="99 - MGMT"
add action=accept chain=input src-address-list=10-Dados
add action=accept chain=input src-address-list=20-CFTV
add action=accept chain=input src-address-list=30-Voice
# NOTE(review): the guest subnet is given the same unrestricted access to the
# router (management services, web proxy, DNS) as the internal networks.
# Guests normally need only DHCP and DNS.
add action=accept chain=input src-address-list=40-Guest
add action=accept chain=input src-address-list="01 - Unsafe"
# Everything else is handed to the per-protocol chains TCP and UDP.
add action=jump chain=input comment=Liberados jump-target=TCP protocol=tcp
add action=jump chain=input jump-target=UDP protocol=udp
# NOTE(review): GRE is accepted from any source. It is needed by PPTP and by
# the EoIP tunnel; if only the EoIP peer needs it, restrict the rule to that
# peer's address.
add action=accept chain=input protocol=gre
add action=drop chain=input
# --- forward chain: traffic routed through the router ---
add action=accept chain=forward comment="Firewall Forward" connection-state=\
established,related,untracked
add action=drop chain=forward connection-state=invalid
# NOTE(review): each internal list is accepted towards any destination, so
# the VLANs are separated at layer 2 only. Guest (40), CCTV (20) and Voice
# (30) hosts can open connections to the data and management subnets. If the
# VLANs are meant to isolate these networks, add drops between them (at least
# from Guest and CFTV towards 10.0.0.0/24) ahead of these accepts.
add action=accept chain=forward src-address-list=Rede
add action=accept chain=forward comment=ConectWAY src-address-list=\
"01 - Unsafe"
add action=accept chain=forward src-address-list=10-Dados
add action=accept chain=forward src-address-list=20-CFTV
add action=accept chain=forward src-address-list=30-Voice
add action=accept chain=forward src-address-list=40-Guest
add action=accept chain=forward src-address-list="99 - MGMT"
# New connections that were not dst-nat'ed are dropped; port-forwarded
# connections fall through to the chain's default action.
add action=drop chain=forward connection-nat-state=!dstnat connection-state=\
new
# --- chain UDP: IKE (500) and IPsec NAT-T (4500) for the L2TP/IPsec server ---
add action=accept chain=UDP comment="Libera UDP" dst-port=4500 protocol=udp
add action=accept chain=UDP dst-port=500 protocol=udp
add action=return chain=UDP
# --- chain TCP ---
# NOTE(review): one TCP packet to port 58291 from any address puts the sender
# in list "Winbox" for an hour. That list is accepted for all router access
# above and is the only condition on most dst-nat rules (iLO, ESXi, SSH, RDP),
# so this single-port knock guards the whole management plane, and the port
# number is now public through this post. Prefer reaching management over the
# VPN; if the knock is kept, change the port, use a multi-step sequence and
# give the knock its own list that opens only what is needed.
add action=add-src-to-address-list address-list=Winbox address-list-timeout=\
1h chain=TCP comment="Libera TCP" dst-port=58291 protocol=tcp \
src-address-list=!Winbox
add action=accept chain=TCP dst-port=8291 protocol=tcp src-address-list=\
Winbox
# Winbox connection attempts from sources outside the list are tarpitted.
add action=tarpit chain=TCP dst-port=8291 protocol=tcp src-address-list=\
!Winbox
# PPTP control channel, open to any source (see the PPTP server settings).
add action=accept chain=TCP dst-port=1723 protocol=tcp
# NOTE(review): TCP 2000 is open to any source with no comment. It is the
# default port of the RouterOS bandwidth-test server - confirm this is
# intentional, otherwise remove the rule.
add action=accept chain=TCP dst-port=2000 protocol=tcp
add action=return chain=TCP
# IPv4 NAT. Rule order is significant; only comments are added here.
/ip firewall nat
# --- source NAT: masquerade each internal list out of the PPPoE uplink ---
add action=masquerade chain=srcnat comment=Rede out-interface=Vivo \
src-address-list=Rede
add action=masquerade chain=srcnat comment=ConnectWAY out-interface=Vivo \
src-address-list="01 - Unsafe"
add action=masquerade chain=srcnat out-interface=Vivo src-address-list=\
10-Dados
add action=masquerade chain=srcnat out-interface=Vivo src-address-list=\
20-CFTV
add action=masquerade chain=srcnat out-interface=Vivo src-address-list=\
30-Voice
add action=masquerade chain=srcnat out-interface=Vivo src-address-list=\
"99 - MGMT"
add action=masquerade chain=srcnat comment=Guest out-interface=Vivo \
src-address-list=40-Guest
# --- hairpin NAT: one rule per subnet ---
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address-list=\
Rede out-interface="01 - Unsafe" src-address-list=Rede
# NOTE(review): the next line is RouterOS's own warning. "99 - MGMT" is a port
# of bridge "90 - CW - RW", so the rule after it should name the bridge as
# out-interface; as written it does not match.
# in/out-interface matcher not possible when interface (99 - MGMT) is slave - use master instead (90 - CW - RW)
add action=masquerade chain=srcnat dst-address-list="99 - MGMT" \
out-interface="99 - MGMT" src-address-list="99 - MGMT"
add action=masquerade chain=srcnat dst-address-list=10-Dados out-interface=\
"10 - Dados" src-address-list=10-Dados
add action=masquerade chain=srcnat dst-address-list=20-CFTV out-interface=\
"20 - CFTV" src-address-list=20-CFTV
add action=masquerade chain=srcnat dst-address-list=30-Voice out-interface=\
"30 - Voice" src-address-list=30-Voice
# --- destination NAT (port forwards) ---
# NOTE(review): most rules match dst-address-list=Internet, but this export
# defines no firewall address list of that name ("Internet" exists only as an
# interface list). Unless the list is filled some other way, these rules never
# match - confirm; in-interface=Vivo, as the Rina-AP rules use, may be what
# was intended.
# NOTE(review): the forwards below publish management interfaces (iLO, ESXi
# web and SSH, Zabbix, switch web and SSH, RDP, the Omada server) to any
# source in list "Winbox". That list is populated by a single connection to
# the knock port in chain TCP, so these services are only as protected as the
# knock. Several targets are plain HTTP (to-ports=80). Reaching them through
# the VPN instead would remove the need for these rules.
add action=dst-nat chain=dstnat comment=iLO dst-address-list=Internet \
dst-port=17988 protocol=tcp src-address-list=Winbox to-addresses=\
10.0.0.20 to-ports=17988
add action=dst-nat chain=dstnat dst-address-list=Internet dst-port=17990 \
protocol=tcp src-address-list=Winbox to-addresses=10.0.0.20 to-ports=\
17990
add action=dst-nat chain=dstnat dst-address-list=Internet dst-port=20443 \
protocol=tcp src-address-list=Winbox to-addresses=10.0.0.20 to-ports=443
add action=dst-nat chain=dstnat comment=ESXi dst-address-list=Internet \
dst-port=30443 protocol=tcp src-address-list=Winbox to-addresses=\
10.0.0.30 to-ports=443
add action=dst-nat chain=dstnat dst-address-list=Internet dst-port=10022 \
protocol=tcp src-address-list=Winbox to-addresses=10.0.0.30 to-ports=22
add action=dst-nat chain=dstnat comment=Zabbix dst-address-list=Internet \
dst-port=10080 protocol=tcp src-address-list=Winbox to-addresses=\
10.0.0.10 to-ports=80
add action=dst-nat chain=dstnat comment=Switch dst-address-list=Internet \
dst-port=50443 protocol=tcp src-address-list=Winbox to-addresses=\
10.0.0.50 to-ports=443
add action=dst-nat chain=dstnat dst-address-list=Internet dst-port=50022 \
protocol=tcp src-address-list=Winbox to-addresses=10.0.0.50 to-ports=22
add action=dst-nat chain=dstnat dst-address-list=Internet dst-port=50080 \
protocol=tcp src-address-list=Winbox to-addresses=10.0.0.50 to-ports=80
add action=dst-nat chain=dstnat comment="Servidores RDP" dst-address-list=\
Internet dst-port=43389 protocol=tcp src-address-list=Winbox \
to-addresses=192.168.10.10 to-ports=3389
add action=dst-nat chain=dstnat dst-address-list=Internet dst-port=53389 \
protocol=tcp src-address-list=Winbox to-addresses=192.168.10.100 \
to-ports=3389
# Winbox (8291) of two other devices, forwarded from the PPPoE uplink.
add action=dst-nat chain=dstnat comment=Rina-AP dst-port=8292 in-interface=\
Vivo protocol=tcp src-address-list=Winbox to-addresses=192.168.100.2 \
to-ports=8291
add action=dst-nat chain=dstnat dst-port=8293 in-interface=Vivo protocol=tcp \
src-address-list=Winbox to-addresses=192.168.250.254 to-ports=8291
# NOTE(review): the four NVR forwards have no src-address-list condition, so
# if they match at all the recorder at 192.168.20.50 is reachable from any
# Internet source. Network video recorders are a frequent target; restrict
# the source or move camera access behind the VPN.
add action=dst-nat chain=dstnat comment=NVR dst-address-list=Internet \
dst-port=18080 protocol=tcp to-addresses=192.168.20.50 to-ports=18080
add action=dst-nat chain=dstnat dst-address-list=Internet dst-port=18000 \
protocol=tcp to-addresses=192.168.20.50 to-ports=18000
add action=dst-nat chain=dstnat dst-address-list=Internet dst-port=18554 \
protocol=tcp to-addresses=192.168.20.50 to-ports=18554
add action=dst-nat chain=dstnat dst-address-list=Internet dst-port=18443 \
protocol=tcp to-addresses=192.168.20.50 to-ports=18443
add action=dst-nat chain=dstnat comment=OMADA-SRV dst-address-list=Internet \
dst-port=10024 protocol=tcp src-address-list=Winbox to-addresses=\
10.0.0.60 to-ports=22
add action=dst-nat chain=dstnat dst-address-list=Internet dst-port=10025 \
protocol=tcp src-address-list=Winbox to-addresses=10.0.0.61 to-ports=80
add action=dst-nat chain=dstnat dst-address-list=Internet dst-port=50043 \
protocol=tcp src-address-list=Winbox to-addresses=10.0.0.60 to-ports=8088
add action=dst-nat chain=dstnat dst-address-list=Internet dst-port=8043 \
protocol=tcp src-address-list=Winbox to-addresses=10.0.0.60 to-ports=8043
# Web proxy enabled on TCP 3128.
# NOTE(review): no /ip proxy access rules appear in this export, so who may
# use the proxy is decided by the input chain alone. That chain accepts every
# internal list (guests included) and every source in list "Winbox". Add
# proxy access rules, or disable the proxy if it is only kept for logging.
/ip proxy
set enabled=yes port=3128
/ip route
add disabled=yes distance=1 dst-address=172.25.0.0/26 gateway=172.25.7.1
add disabled=yes distance=1 dst-address=172.25.1.0/26 gateway=172.25.7.1
add disabled=yes distance=1 dst-address=172.25.3.0/26 gateway=172.25.7.1
add disabled=yes distance=1 dst-address=172.25.4.0/24 gateway=172.25.7.1
add disabled=yes distance=1 dst-address=192.168.0.0/22 gateway=172.16.0.7 \
scope=10
add disabled=yes distance=1 dst-address=192.168.1.0/24 gateway=172.16.0.1 \
scope=10
add disabled=yes distance=1 dst-address=192.168.4.0/24 gateway=172.17.0.1
add disabled=yes distance=1 dst-address=192.168.99.0/24 gateway=192.168.99.1
# Management services: telnet, ftp, www, ssh, api and api-ssl are disabled.
# NOTE(review): winbox is not listed, so it is presumably at its defaults
# (enabled, no address= restriction) and protected only by the firewall -
# confirm, and consider setting address= on the winbox service as a second
# layer.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.100.0/24 disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# NOTE(review): allow-none-crypto=yes lets an SSH session negotiate no
# encryption, and forwarding-enabled=remote allows remote port forwarding.
# The SSH service is disabled above, so this is dormant, but set both back to
# the restrictive values so that re-enabling SSH later is safe.
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
# NOTE(review): UPnP lets any host on the internal interface ("01 - Unsafe")
# open inbound port mappings on the PPPoE uplink without authentication.
# Disable it unless a specific device needs it.
/ip upnp
set enabled=yes show-dummy-rule=no
/ip upnp interfaces
add interface=Vivo type=external
add interface="01 - Unsafe" type=internal
/ipv6 address
add address=::1 from-pool=Vivo interface="01 - Unsafe"
add address=::10:0:0:1/72 advertise=no from-pool=Vivo interface=sfp1
add address=::1/72 advertise=no from-pool=Vivo interface="10 - Dados"
add address=::1/72 advertise=no from-pool=Vivo interface="20 - CFTV"
add address=::1/72 advertise=no from-pool=Vivo interface="30 - Voice"
add address=::1/72 advertise=no from-pool=Vivo interface="40 - Guest"
/ipv6 dhcp-client
add add-default-route=yes interface=Vivo pool-name=Vivo pool-prefix-length=56 \
prefix-hint=::/56 request=prefix use-peer-dns=no
# IPv6 address lists: "bad_ipv6" holds prefixes that should not appear as
# source or destination of forwarded traffic.
/ipv6 firewall address-list
add address=::/128 comment="Nao Especificados" list=bad_ipv6
add address=::1/128 comment=I/O list=bad_ipv6
add address=fec0::/10 comment=Site-local list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment=IPv4-mapped list=bad_ipv6
add address=::/96 comment="IPv4 compat" list=bad_ipv6
add address=100::/64 comment=Descartar list=bad_ipv6
add address=2001:db8::/32 comment=Documentacao list=bad_ipv6
add address=2001:10::/28 comment=ORCHID list=bad_ipv6
add address=3ffe::/16 comment=6bone list=bad_ipv6
add address=::224.0.0.0/100 comment=Outros list=bad_ipv6
add address=::127.0.0.1/104 comment=Outros list=bad_ipv6
add address=::/104 comment=Outros list=bad_ipv6
add address=::255.0.0.0/104 comment=Outros list=bad_ipv6
# NOTE(review): a DNS name in list "Winbox": the router trusts whatever
# address this name resolves to at the time. The name is also visible in the
# public post.
add address=8d1308b738af.sn.mynetname.net list=Winbox
# IPv6 filter. The input and forward chains are evaluated independently, so
# the input rule sitting among the forward rules still works as the final
# input drop.
/ipv6 firewall filter
# --- input chain ---
add action=accept chain=input dst-port=8291 protocol=tcp src-address-list=\
Winbox
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmpv6
# UDP traceroute range, accepted from any source.
add action=accept chain=input port=33434-33534 protocol=udp
# DHCPv6 client replies (UDP 546) from link-local sources.
add action=accept chain=input dst-port=546 protocol=udp src-address=fe80::/16
# IKE / NAT-T and IPsec, accepted from any source.
add action=accept chain=input dst-port=500,4500 protocol=udp
add action=accept chain=input protocol=ipsec-ah
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input ipsec-policy=in,ipsec
# --- forward chain ---
add action=accept chain=forward connection-state=\
established,related,untracked
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward src-address-list=bad_ipv6
add action=drop chain=forward dst-address-list=bad_ipv6
add action=drop chain=forward hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward protocol=icmpv6
# IP protocol 139 is HIP (Host Identity Protocol).
add action=accept chain=forward protocol=139
add action=accept chain=forward dst-port=500,4500 protocol=udp
add action=accept chain=forward protocol=ipsec-ah
add action=accept chain=forward protocol=ipsec-esp
add action=accept chain=forward ipsec-policy=in,ipsec
# Final input rule: drop whatever did not arrive on a LAN-list interface.
# NOTE(review): list LAN contains the bridge slave "99 - MGMT" but not its
# bridge "90 - CW - RW"; interface matching on a slave presumably fails, so
# management-side traffic would count as non-LAN here - confirm.
add action=drop chain=input in-interface-list=!LAN
# NOTE(review): the next eleven forward rules repeat the eleven above
# unchanged. The earlier copies match first, so these add nothing and can be
# removed to keep the ruleset reviewable.
add action=accept chain=forward connection-state=\
established,related,untracked
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward src-address-list=bad_ipv6
add action=drop chain=forward dst-address-list=bad_ipv6
add action=drop chain=forward hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward protocol=icmpv6
add action=accept chain=forward protocol=139
add action=accept chain=forward dst-port=500,4500 protocol=udp
add action=accept chain=forward protocol=ipsec-ah
add action=accept chain=forward protocol=ipsec-esp
add action=accept chain=forward ipsec-policy=in,ipsec
# Final forward rule: drop whatever did not arrive on a LAN-list interface.
add action=drop chain=forward in-interface-list=!LAN
/ipv6 nd
set [ find default=yes ] advertise-dns=yes interface="01 - Unsafe" \
other-configuration=yes
/lcd
set backlight-timeout=never default-screen=informative-slideshow \
read-only-mode=yes time-interval=hour
/lcd interface
set ether1 disabled=yes
set ether2 disabled=yes
set ether3 disabled=yes
set ether4 disabled=yes
set ether5 disabled=yes
set sfp1 disabled=yes
set *7 disabled=yes
set *8 disabled=yes
set *9 disabled=yes
set *A disabled=yes
set *B disabled=yes
set *C disabled=yes
set *D disabled=yes
set *E disabled=yes
set *F disabled=yes
set *10 disabled=yes
set *11 disabled=yes
set *12 disabled=yes
set *13 disabled=yes
set *14 disabled=yes
set *15 disabled=yes
set *16 disabled=yes
set *17 disabled=yes
set *18 disabled=yes
set *19 disabled=yes
add interface=Vivo timeout=1s
set ether6 disabled=yes
set ether7 disabled=yes
set ether8 disabled=yes
set ether9 disabled=yes
set ether10 disabled=yes
set wlan1 disabled=yes
# PPP accounts for the VPN servers. "connectway" always gets 172.16.100.14,
# the address the EoIP tunnel uses as its remote endpoint.
# NOTE(review): no password= is shown - presumably hidden by the export;
# confirm neither account has an empty password. Neither secret sets service=
# or profile=, so both are presumably usable over PPTP as well as L2TP. Pin
# the account that carries the EoIP tunnel to the L2TP service so the bridged
# management VLAN cannot end up on a PPTP session.
/ppp secret
add name=connectway remote-address=172.16.100.14
add name=emerson
# SNMP agent enabled, sourced from the management address 10.0.0.1.
# NOTE(review): trap-version=2 means SNMPv2c, i.e. community-string
# authentication in clear text; see the community definition earlier in the
# export, which limits queries to 10.0.0.0/24.
/snmp
set contact=<emerson@connectway.com.br> enabled=yes location=ConnectWAY \
src-address=10.0.0.1 trap-version=2
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=ConnectWAY
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=no display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set "99 - MGMT" disabled=yes display-time=5s
set "40 - Guest" disabled=yes display-time=5s
set "30 - Voice" disabled=yes display-time=5s
set "20 - CFTV" disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set sfp1 disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set ether6 disabled=yes display-time=5s
set ether7 disabled=yes display-time=5s
set ether8 disabled=yes display-time=5s
set ether9 disabled=yes display-time=5s
set "10 - Dados" disabled=yes display-time=5s
set ether10 disabled=yes display-time=5s
set "01 - Unsafe" disabled=yes display-time=5s
set "20-Escritorio_EoIP" disabled=yes display-time=5s
set Rina-AP-1 disabled=yes display-time=5s
set Vivo disabled=yes display-time=5s
set "90 - CW - RW" disabled=yes display-time=5s
set ConnectWAY-1 disabled=yes display-time=5s
/system leds
add leds="" type=interface-activity
/system logging
add action=disk topics=critical
add action=disk topics=error
add action=disk topics=info
add action=disk topics=warning
add action=GrayLOG topics=web-proxy,!debug
add disabled=yes topics=web-proxy,!debug
/system ntp client
set enabled=yes primary-ntp=200.160.0.8 secondary-ntp=200.189.40.8
/system ntp server
set enabled=yes
/system package update
set channel=long-term
/system routerboard settings
set silent-boot=yes
# Scheduled jobs: show the LCD stats screen at startup, switch the LCD on at
# 08:00 and off at 21:00 every day.
# NOTE(review): all three jobs only run /lcd commands but carry the full
# policy set (ftp, reboot, password, sniff, sensitive, romon, ...). Trim each
# job's policy= to what its command needs (likely read,write - confirm), so a
# changed on-event script cannot run with broader rights than intended.
/system scheduler
add name=LCD on-event="/lcd show screen=stats" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add interval=1d name=on on-event="/lcd set enabled=yes" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=feb/14/2017 start-time=08:00:00
add interval=1d name=off on-event="/lcd set enabled=no" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=feb/14/2017 start-time=21:00:00
# RoMON (layer-2 router management) enabled with a fixed id.
# NOTE(review): no secrets= value is visible - either hidden by the export or
# unset. Without a secret, any RoMON-capable device on an allowed port can
# join the RoMON network; set one and confirm.
/tool romon
set enabled=yes id=00:00:00:00:00:01
# RoMON is forbidden on all ports by default and allowed on ether3 only.
/tool romon port
set [ find default=yes ] forbid=yes
add disabled=no interface=ether3