#RB2011 router
# apr/11/2014 12:24:02 by RouterOS 6.5
# software id = W5K8-11HQ
#
/interface bridge
add l2mtu=1594 name=bridge-guestnet protocol-mode=rstp
add admin-mac=4C:5E:0C:27:3B:47 auto-mac=no l2mtu=1598 name=bridge-local \
protocol-mode=rstp
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=\
ether9-slave-local
set [ find default-name=ether10 ] name=ether10-uplink
/interface wireless
set [ find default-name=wlan1 ] disabled=no frequency=2462 hide-ssid=yes \
l2mtu=2290 mode=ap-bridge ssid="" wireless-protocol=802.11
/ip neighbor discovery
set ether1-gateway discover=no
set ether3 discover=no
/interface vlan
add interface=ether10-uplink l2mtu=1594 name=vlan13 vlan-id=1
add interface=ether10-uplink l2mtu=1594 name=vlan23 vlan-id=23
/interface wireless
add disabled=no l2mtu=2290 mac-address=4E:5E:0C:27:3B:51 master-interface=\
wlan1 name=wlan-hoffell ssid=Hoffell wds-cost-range=0 wds-default-cost=0
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
otherpw wpa2-pre-shared-key=otherpw
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=prfile-guest \
supplicant-identity="" wpa-pre-shared-key=guestnet wpa2-pre-shared-key=\
guestnet
/interface wireless
add disabled=no l2mtu=2290 mac-address=4E:5E:0C:27:3B:50 master-interface=\
wlan1 name=wlan-guestnet security-profile=prfile-guest ssid=guestnet \
wds-cost-range=0 wds-default-cost=0
/ip hotspot profile
set [ find default=yes ] login-by=cookie
add dns-name=hoffell-hotspot.local hotspot-address=192.168.0.1 login-by=\
cookie,http-pap name=hsprof1 rate-limit=256000 smtp-server=10.0.0.3
/ip pool
add name=dhcp_pool1 ranges=192.168.100.20-192.168.100.199
add name=dhcp_pool2 ranges=192.168.0.20-192.168.0.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge-local name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=bridge-guestnet name=dhcp2
/ip hotspot
add address-pool=dhcp_pool2 disabled=no interface=bridge-guestnet name=\
hotspot1 profile=hsprof1
/ip hotspot user profile
set [ find default=yes ] address-pool=dhcp_pool2 idle-timeout=none \
keepalive-timeout=2m mac-cookie-timeout=3d rate-limit=500000 \
shared-users=3
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local edge=no interface=ether5 point-to-point=yes
add bridge=bridge-guestnet interface=wlan-guestnet
add bridge=bridge-guestnet edge=no interface=vlan23
add bridge=bridge-local interface=wlan-hoffell
add bridge=bridge-local edge=no interface=ether10-uplink
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/interface ethernet switch port
set 4 default-vlan-id=0
set 5 default-vlan-id=0
/interface ethernet switch vlan
add independent-learning=no ports=ether5 switch=switch1 vlan-id=13
add independent-learning=no ports=ether5 switch=switch1 vlan-id=23
add ports=ether10-uplink switch=switch2 vlan-id=13
add ports=ether10-uplink switch=switch2 vlan-id=23
/ip address
add address=192.168.100.1/24 comment="default configuration" interface=\
bridge-local network=192.168.100.0
add address=192.168.0.1/24 interface=bridge-guestnet network=192.168.0.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=10.0.0.1 domain=guest.net gateway=\
192.168.0.1 netmask=24 ntp-server=193.4.194.10
add address=192.168.100.0/24 dns-server=10.0.0.1 domain=hoffell.local gateway=\
192.168.100.1 netmask=24 ntp-server=193.4.194.10 wins-server=192.168.100.1
/ip dns
set allow-remote-requests=yes servers=212.30.200.200,212.30.200.199
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add chain=forward comment="default configuration" connection-state=\
established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=drop chain=input dst-address=192.168.100.0/24 protocol=tcp \
src-address=192.168.0.0/24
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.0.0/24 to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.0.0/24 to-addresses=0.0.0.0
/ip hotspot user
add name=admin password=pwpwpwpw
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=1
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=H1
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=H2
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=H3
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=H4
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=H5
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M1
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M2
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M3
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M4
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M5
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M6
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M7
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M8
/ip hotspot walled-garden
add dst-host=htttp://
www.vedur.is src-address=192.168.0.0/24
add dst-host=htttp://
www.vegagerd.is src-address=192.168.0.0/24
add dst-host=htttp://
www.vegag.is src-address=192.168.0.0/24
add dst-host=htttp://
www.belgingur.is src-address=192.168.0.0/24
/ip service
set telnet disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb
set allow-guests=no domain=Hoffell enabled=yes interfaces=bridge-local
/lcd interface
set sfp1 interface=sfp1
set ether1-gateway interface=ether1-gateway
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6-master-local interface=ether6-master-local
set ether7-slave-local interface=ether7-slave-local
set ether8-slave-local interface=ether8-slave-local
set ether9-slave-local interface=ether9-slave-local
set ether10-uplink interface=ether10-uplink
set wlan1 interface=wlan1
/lcd interface pages
set 0 interfaces="sfp1,ether1-gateway,ether2,ether3,ether4,ether5,ether6-maste\
r-local,ether7-slave-local,ether8-slave-local,ether9-slave-local,ether10-u\
plink,wlan1"
/system clock
set time-zone-name=Atlantic/Reykjavik
/system identity
set name=ROUT1
/system ntp client
set enabled=yes mode=unicast primary-ntp=193.4.194.10 secondary-ntp=\
130.208.160.41
/system scheduler
add interval=1d name=rst-hspot-user-cnt on-event=rst-hspot-cnt policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=feb/25/2006 start-time=12:30:01
/system script
add name=rst-hspot-cnt policy=\
ftp,reboot,read,write,policy,test,winbox,password source=\
"/ip hotspot user reset-counters"
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=sfp1
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=sfp1
add interface=wlan1
add interface=bridge-local
/tool sniffer
set filter-interface=ether10-uplink streaming-server=192.168.100.1
#SXT AP G-5HnD r2, Distribution Bridge access point
# apr/11/2014 11:48:11 by RouterOS 6.1
# software id = RWIN-I709
#
/interface bridge
add l2mtu=1600 name=bidge-local protocol-mode=rstp
/interface wireless
set 0 antenna-gain=14 band=5ghz-a/n channel-width=20/40mhz-ht-above country=\
iceland disabled=no frequency=5200 ht-ampdu-priorities=0,1,2,3,4,5,6,7 \
ht-guard-interval=long ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=\
ap-bridge name=wlan-1 nv2-preshared-key=pwpwpwpw nv2-security=enabled \
ssid=DistrHF wds-default-bridge=bidge-local wds-ignore-ssid=yes wds-mode=\
static wireless-protocol=nv2
/interface wireless nstreme
set wlan-1 enable-polling=no framer-policy=dynamic-size
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods=\
passthrough mode=dynamic-keys supplicant-identity=MikroTik \
wpa2-pre-shared-key=pwpwpwpw
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/interface bridge port
add bridge=bidge-local edge=no interface=ether1
add bridge=bidge-local interface=wlan-1
/interface bridge settings
set use-ip-firewall-for-vlan=yes
/ip address
add address=192.168.100.10/24 interface=bidge-local network=192.168.100.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns
set servers=8.8.8.8
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Atlantic/Reykjavik
/system identity
set name=BR-AP1
/system leds
set 0 interface=wlan-1
/system ntp client
set enabled=yes mode=unicast primary-ntp=193.4.194.10 secondary-ntp=\
130.208.160.41
# SXT 5HPnD Brigdge station 1 thru 5
# apr/11/2014 10:47:19 by RouterOS 6.10
# software id = 3F35-G4HM
#
/interface bridge
add l2mtu=1598 name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-onlyn channel-width=\
20/40mhz-ht-above disabled=no frequency=5200 l2mtu=2290 mode=\
station-bridge nv2-preshared-key=pwpwpwpw nv2-security=enabled ssid=\
DistrHF wds-default-bridge=bridge-local wds-mode=static \
wireless-protocol=nv2
/interface ethernet
set [ find default-name=ether1 ] mac-address=D4:CA:6D:D0:AC:8A name=\
ether1-local
/interface wireless nstreme
set wlan1 enable-nstreme=yes
/interface vlan
add interface=ether1-local l2mtu=1594 name=vlan13 vlan-id=13
/interface ethernet switch port
set 0 vlan-mode=disabled
set 1 vlan-mode=disabled
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=pwpwpwpw
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/interface bridge port
add bridge=bridge-local edge=no interface=ether1-local
add bridge=bridge-local edge=no interface=wlan1 point-to-point=yes
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip address
add address=192.168.100.11/24 interface=bridge-local network=192.168.100.0
/ip dns
set servers=8.8.8.8
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip route
add distance=1 gateway=192.168.100.1
/ip upnp
set allow-disable-external-interface=no
/system clock
set time-zone-name=Atlantic/Reykjavik
/system identity
set name=BR-ST1
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes mode=unicast primary-ntp=193.4.194.10
# RB 951Ui-HPnD user Acesspoin 1 to 5 each powers theit relative SXT unit on port 5
# apr/11/2014 11:42:57 by RouterOS 6.5
# software id = PSL0-XTXG
#
/interface bridge
add l2mtu=1594 name=bridge-guestnet protocol-mode=rstp
add l2mtu=1598 name=bridge-local protocol-mode=rstp
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=iceland disabled=no \
frequency=2437 frequency-mode=superchannel hide-ssid=yes l2mtu=2290 mode=\
ap-bridge ssid="" wireless-protocol=802.11
/interface eoip
add mac-address=00:00:5E:80:00:02 name=eoip-GW remote-address=192.168.0.1 \
tunnel-id=3
/ip neighbor discovery
set ether2 discover=no
/interface vlan
add interface=ether5 l2mtu=1594 name=vlan13 vlan-id=13
add interface=ether5 l2mtu=1594 name=vlan23 vlan-id=23
/interface wireless
add disabled=no l2mtu=2290 mac-address=D6:CA:6D:FB:FB:F1 master-interface=\
wlan1 name=wlan-hoffell ssid=Hoffell wds-cost-range=0 wds-default-bridge=\
bridge-local wds-default-cost=0
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
otherpw wpa2-pre-shared-key=otherpw
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=guestnet \
supplicant-identity="" wpa-pre-shared-key=guestnet wpa2-pre-shared-key=\
guestnet
/interface wireless
add disabled=no l2mtu=2290 mac-address=D6:CA:6D:FB:FB:F2 master-interface=\
wlan1 name=wlan-guestnet security-profile=guestnet ssid=guestnet \
wds-cost-range=0 wds-default-bridge=bridge-guestnet wds-default-cost=0
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/interface bridge port
add bridge=bridge-guestnet edge=no interface=vlan23
add bridge=bridge-guestnet edge=yes interface=wlan-guestnet
add bridge=bridge-local edge=no interface=ether5
add bridge=bridge-local edge=yes interface=wlan-hoffell
/interface bridge settings
set use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
/ip address
add address=192.168.0.3/24 interface=eoip-GW network=192.168.0.0
add address=192.168.100.3/24 interface=bridge-local network=192.168.100.0
/ip dns
set servers=8.8.8.8
/system clock
set time-zone-name=Atlantic/Reykjavik
/system identity
set name=AP2
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes mode=unicast primary-ntp=193.4.194.10 secondary-ntp=\
130.208.160.41