Statistics: Posted by lpns — Sat Mar 30, 2024 12:36 am
Statistics: Posted by morphema — Sat Mar 30, 2024 12:30 am
Statistics: Posted by maxslug — Sat Mar 30, 2024 12:10 am
Statistics: Posted by Amm0 — Sat Mar 30, 2024 12:08 am
Statistics: Posted by NetTecture — Sat Mar 30, 2024 12:07 am
/disk/add type=nfs slot="Mounted_DIR_NAME" nfs-address="NAS_IP" nfs-share="Exported_DIR_NAME"
Statistics: Posted by Slys — Sat Mar 30, 2024 12:01 am
Statistics: Posted by ucdude — Fri Mar 29, 2024 11:58 pm
Statistics: Posted by bpwl — Fri Mar 29, 2024 11:57 pm
Statistics: Posted by LeoNaXe — Fri Mar 29, 2024 11:22 pm
Statistics: Posted by Larsa — Fri Mar 29, 2024 11:18 pm
Statistics: Posted by Scoox — Fri Mar 29, 2024 11:04 pm
Statistics: Posted by jaclaz — Fri Mar 29, 2024 11:02 pm
Statistics: Posted by holvoetn — Fri Mar 29, 2024 10:48 pm
Do you mean not to use "all ethernet" but to specify a specific single interface? That choice was made from the pull-down menu.I'd avoid using this ... AFAIK it's an interface-list (not interface)
Statistics: Posted by ckonsultor — Fri Mar 29, 2024 10:47 pm
:local if $interface:local ip $"lease-address":local gw $"gateway-address":if ($bound=1) do={ /routing table add fib name=$if comment=$if /routing rule add src-address=$ip table=$if action=lookup comment=$if /ip route add dst-address=0.0.0.0/0 routing-table=$if gateway=$if distance=20 } else { /ip route remove [find routing-table=$if] /routing rule remove [find table=$if] /routing table remove [find name name=$if]}
Statistics: Posted by Larsa — Fri Mar 29, 2024 10:39 pm
Statistics: Posted by ucdude — Fri Mar 29, 2024 10:13 pm
Please check which frequency your wifi1 interface chose.Neither my hAP ax2 nor my cAP ax, which I received today, show the 5 GHz SSID. Is this the same problem as what's being discussed here?
Statistics: Posted by Scoox — Fri Mar 29, 2024 10:12 pm
Statistics: Posted by anav — Fri Mar 29, 2024 10:03 pm
Double and triple shielded" USB 3 extension cables exists, but how much effective they are has to be seen.
Like most of issues where RF Is involved It Is - I believe - largely a hit and miss game.
Statistics: Posted by Nullcaller — Fri Mar 29, 2024 9:43 pm
Statistics: Posted by mkx — Fri Mar 29, 2024 9:25 pm
Statistics: Posted by sawa — Fri Mar 29, 2024 9:17 pm
/ip dhcp-server lease
add address=10.10.10.10 client-id=1:b8:69:///:aa mac-address=\
B8:69:F4:47:5D:AA server=server10
/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.10 netmask=24
I'd avoid using this ... AFAIK it's an interface-list (not interface) and I'm scared of using anything automatic in ROS, most auto things have tendency to cause trouble.add action=dst-nat chain=dstnat dst-port=ZZZZ in-interface=all-ethernet \
protocol=tcp to-addresses=192.168.55.228 to-ports=22
Statistics: Posted by mkx — Fri Mar 29, 2024 9:15 pm
Statistics: Posted by ckonsultor — Fri Mar 29, 2024 9:07 pm
# mar/29/2024 14:13:50 by RouterOS 6.49.10# software id = 52xxx## model = RouterBOARD 952Ui-///# serial number = 71AF////interface wirelessset [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \ disabled=no distance=indoors frequency=auto installation=indoor mode=\ ap-bridge ssid=/// wireless-protocol=802.11 wps-mode=disabledset [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\ 20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto \ installation=indoor mode=ap-bridge ssid=/// wireless-protocol=\ 802.11 wps-mode=disabled/interface bridgeadd admin-mac=B8:69:F4:1D:6B:C0 auto-mac=no comment=defconf name=bridge/interface listadd comment=defconf name=WANadd comment=defconf name=LAN/interface wireless security-profilesset [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \ supplicant-identity=M/// wpa2-pre-shared-key=xxx/ip pooladd name=default-dhcp ranges=192.168.88.10-192.168.88.254add name=pool10 ranges=10.10.10.10-10.10.10.19/ip dhcp-serveradd address-pool=default-dhcp disabled=no interface=bridge name=defconfadd address-pool=pool10 disabled=no interface=ether3 name=server10/interface bridge portadd bridge=bridge comment=defconf interface=ether2add bridge=bridge comment=defconf disabled=yes interface=ether3add bridge=bridge comment=defconf interface=ether4add bridge=bridge comment=defconf interface=ether5add bridge=bridge comment=defconf interface=wlan1add bridge=bridge comment=defconf interface=wlan2/ip neighbor discovery-settingsset discover-interface-list=LAN/interface list memberadd comment=defconf interface=bridge list=LANadd comment=defconf interface=ether1 list=WANadd interface=ether3 list=LAN/ip addressadd address=192.168.88.1/24 comment=defconf interface=bridge network=\ 192.168.88.0add address=10.10.10.1/24 interface=ether3 network=10.10.10.0/ip dhcp-clientadd comment=defconf disabled=no interface=ether1/ip dhcp-server leaseadd address=192.168.88.245 mac-address=1C:6F:65:21:95:8C server=defconfadd address=192.168.88.239 client-id=1:14:cb:19:97:d6:ba mac-address=\ 14:CB:19:97:D6:BA server=defconfadd address=10.10.10.10 client-id=1:b8:69:///:aa mac-address=\ B8:69:F4:47:5D:AA server=server10add address=192.168.88.228 mac-address=B0:A4:/// server=defconfadd address=192.168.88.249 client-id=1:14:4f:8a:c7:36:a2 mac-address=\ 14:4F:8A:/// server=defconf/ip dhcp-server networkadd address=10.10.10.0/24 gateway=10.10.10.10 netmask=24add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\ 192.168.88.1/ip dnsset allow-remote-requests=yes/ip dns staticadd address=192.168.88.1 comment=defconf name=router.lan/ip firewall filteradd action=accept chain=input comment="defconf: accept dstnat" \ connection-nat-state=dstnat in-interface=all-ethernetadd action=accept chain=input comment="accept icmpt" in-interface=\ all-ethernet protocol=icmpadd action=accept chain=input comment="accept tcp" in-interface=all-ethernet \ protocol=tcpadd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsecadd action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsecadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related disabled=yesadd action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untrackedadd action=accept chain=forward comment=" accept new " connection-state=newadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WANadd action=accept chain=output connection-nat-state=dstnat dst-port=22 \ protocol=tcp/ip firewall natadd action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WANadd action=dst-nat chain=dstnat dst-port=YYYY protocol=tcp to-addresses=\ 192.168.55.247 to-ports=2222add action=dst-nat chain=dstnat dst-port=ZZZZ in-interface=all-ethernet \ protocol=tcp to-addresses=192.168.55.228 to-ports=22/ip routeadd distance=1 dst-address=192.168.55.0/24 gateway=10.10.10.10/ip serviceset ssh address=0.0.0.0/0/system clockset time-zone-name=America/New_York/system identityset name=MikroTik-gw/tool mac-serverset allowed-interface-list=LAN/tool mac-server mac-winboxset allowed-interface-list=LAN/tool snifferset filter-interface=bridge filter-operator-between-entries=and filter-port=\ ssh
Statistics: Posted by ckonsultor — Fri Mar 29, 2024 9:03 pm
Statistics: Posted by TheCat12 — Fri Mar 29, 2024 8:35 pm
But they did. And they made one bad decision. They made a monolithic package for ARM WIFI AC devices, called "wifi-qcom-ac". All these AC devices, except Audience and RB4011, are 16MB flash ones. Still they decided to bundle the firmware for QCA9984 in this package (viewtopic.php?p=1065363#p1065363). There are 2 (!) devices that even have that chipset builtin: Audience and RB4011. Both of these have 128MB NAND storage -> and plenty of space for waste.Mikrotik could have not made a "wifi-qcom-ac" driver — which likely avoid all these discussions — and just suggested folks upgrade to AX models.
Statistics: Posted by infabo — Fri Mar 29, 2024 8:27 pm
Statistics: Posted by mkx — Fri Mar 29, 2024 8:25 pm
Statistics: Posted by patrikg — Fri Mar 29, 2024 8:22 pm
Statistics: Posted by Josephny — Fri Mar 29, 2024 8:20 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 8:08 pm
Statistics: Posted by infabo — Fri Mar 29, 2024 8:03 pm
Statistics: Posted by infabo — Fri Mar 29, 2024 7:48 pm
Statistics: Posted by anav — Fri Mar 29, 2024 7:48 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 7:27 pm
Statistics: Posted by Seko777 — Fri Mar 29, 2024 7:22 pm
Statistics: Posted by qatar2022 — Fri Mar 29, 2024 7:18 pm
Statistics: Posted by Josephny — Fri Mar 29, 2024 7:12 pm
Statistics: Posted by Josephny — Fri Mar 29, 2024 7:09 pm
Statistics: Posted by holvoetn — Fri Mar 29, 2024 7:02 pm
Statistics: Posted by anav — Fri Mar 29, 2024 7:02 pm
Statistics: Posted by anav — Fri Mar 29, 2024 6:58 pm
Statistics: Posted by anav — Fri Mar 29, 2024 6:56 pm
Statistics: Posted by Josephny — Fri Mar 29, 2024 6:54 pm
Statistics: Posted by holvoetn — Fri Mar 29, 2024 6:49 pm
Statistics: Posted by holvoetn — Fri Mar 29, 2024 6:42 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 6:38 pm
unplug 1 minute. holding the reset and then plugin in power.Buttons and jumpers
RouterBOOT reset button has the following functions:
Hold the button before powering on the device, and at power-up, the button will force load the backup boot loader. Continue holding the button for the other two functions of this button.
Release the button when the green LED starts flashing, to reset the RouterOS configuration. To not load the backup boot loader, you can start holding the button after power is already applied.
Release the button after LED is no longer flashing (~20 seconds) to cause the device to look for Netinstall servers (required for reinstalling RouterOS over the network).
Regardless of the above option used, the system will load the backup RouterBOOT loader if the button is pressed before power is applied to the device. Useful for RouterBOOT debugging and recovery.
Statistics: Posted by ucdude — Fri Mar 29, 2024 6:32 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 6:31 pm
Statistics: Posted by AtisE — Fri Mar 29, 2024 6:31 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 6:26 pm
Statistics: Posted by holvoetn — Fri Mar 29, 2024 6:25 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 6:21 pm
Getic does a poor job with product descriptions…. Check the link to see how they describe the RB5009The most recent MT item I bought through Amazon came from Getic, one of MT’s primary distributors, possibly even #1.
Statistics: Posted by holvoetn — Fri Mar 29, 2024 6:19 pm
Statistics: Posted by Josephny — Fri Mar 29, 2024 6:14 pm
/tool/fetch url=https://letsencrypt.org/certs/lets-encrypt-r3.txt/tool/fetch url=https://letsencrypt.org/certs/isrg-root-x1-cross-signed.txt/certificate/import file-name=isrg-root-x1-cross-signed.txt/certificate/import file-name=lets-encrypt-r3.txt
Statistics: Posted by monteverdi — Fri Mar 29, 2024 6:11 pm
Statistics: Posted by BartoszP — Fri Mar 29, 2024 6:08 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 5:58 pm
Statistics: Posted by mkx — Fri Mar 29, 2024 5:46 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 5:43 pm
Statistics: Posted by Seko777 — Fri Mar 29, 2024 5:40 pm
Statistics: Posted by mkx — Fri Mar 29, 2024 5:37 pm
Statistics: Posted by jaclaz — Fri Mar 29, 2024 5:22 pm
Statistics: Posted by sirbryan — Fri Mar 29, 2024 5:06 pm
Statistics: Posted by mozerd — Fri Mar 29, 2024 5:01 pm
Statistics: Posted by anav — Fri Mar 29, 2024 4:58 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 4:58 pm
# 2RouterOS 7.14.1# ## model = RBD52G-5HacD2HnD# /interface bridgeadd ingress-filtering=no name=bridge1 vlan-filtering=yes/interface pppoe-clientadd add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \ use-peer-dns=yes user=/interface vlanadd interface=bridge1 name=vlan-ezio vlan-id=200add interface=bridge1 name=vlan-ufficio vlan-id=100/interface listadd name=WANadd name=LAN/ip pooladd name=dhcp_pool0 ranges=192.168.1.100-192.168.1.200add name=dhcp_pool1 ranges=10.0.0.100-10.0.0.200/ip dhcp-serveradd address-pool=dhcp_pool0 interface=vlan-ufficio name=dhcp1add address-pool=dhcp_pool1 interface=vlan-ezio name=dhcp2/queue typeadd fq-codel-limit=1000 fq-codel-quantum=300 fq-codel-target=12ms kind=fq-codel \ name=fq-codel/queue treeadd max-limit=30M name="Total Download" parent=bridge1 queue=fq-codeladd name="Other Traffic down" packet-mark=no-mark parent="Total Download" \ queue=fq-codeladd name=HyperBackup packet-mark=hyperbackup_packets parent="Total Download" \ priority=7 queue=fq-codeladd name=Ezio packet-mark=ezio_packets parent="Total Download" priority=6 \ queue=fq-codeladd name=Azienda packet-mark=azienda_packets parent="Total Download" priority=5 \ queue=fq-codeladd name=VoIP packet-mark=VoIP_packets parent="Total Download" priority=1 \ queue=fq-codeladd max-limit=3M name="Total Upload" parent=pppoe-out1 queue=fq-codeladd name=VoIP_Up packet-mark=VoIP_packets parent="Total Upload" priority=1 \ queue=fq-codeladd name=Azienda_Up packet-mark=azienda_packets parent="Total Upload" priority=\ 5 queue=fq-codeladd name=Ezio_Up packet-mark=ezio_packets parent="Total Upload" priority=6 \ queue=fq-codeladd name=Hyperbackup_Upload packet-mark=hyperbackup_packets parent=\ "Total Upload" priority=7 queue=fq-codeladd name="Other Traffic Upload" packet-mark=no-mark parent="Total Upload" \ queue=fq-codel/ip addressadd address=192.168.1.1/24 interface=vlan-ufficio network=192.168.1.0add address=10.0.0.1/24 interface=vlan-ezio network=10.0.0.0/ip dhcp-server networkadd address=10.0.0.0/24 dns-server=10.0.0.1 gateway=10.0.0.1add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1/ip firewall mangleadd action=mark-connection chain=forward comment="VoIP Conn" dst-address-list=\ VoipVoice new-connection-mark=VoIP_conn passthrough=yes src-address-list=\ LANadd action=mark-connection chain=forward dst-address-list=LAN \ new-connection-mark=VoIP_conn passthrough=yes src-address-list=VoipVoiceadd action=mark-packet chain=forward comment="VoIP Packets" connection-mark=\ VoIP_conn new-packet-mark=VoIP_packets passthrough=noadd action=mark-connection chain=forward comment="Hyper Backup Conn" \ dst-address=***** dst-port=61281 new-connection-mark=\ hyperbackup_conn out-interface=pppoe-out1 passthrough=yes protocol=tcpadd action=mark-packet chain=forward comment="Hyper Backup Packets" \ connection-mark=hyperbackup_conn new-packet-mark=hyperbackup_packets \ passthrough=noadd action=mark-connection chain=forward comment="Azienda Conn" \ new-connection-mark=azienda_conn out-interface=pppoe-out1 passthrough=yes \ src-address=192.168.1.0/24add action=mark-packet chain=forward comment="Azienda Packets" connection-mark=\ azienda_conn new-packet-mark=azienda_packets passthrough=noadd action=mark-connection chain=forward comment="Ezio Conn" \ new-connection-mark=ezio_conn out-interface=pppoe-out1 passthrough=yes \ src-address=10.0.0.0/24add action=mark-packet chain=forward comment="Ezio Packets" connection-mark=\ ezio_conn new-packet-mark=ezio_packets passthrough=no
Statistics: Posted by simonefil — Fri Mar 29, 2024 4:55 pm
Statistics: Posted by anav — Fri Mar 29, 2024 4:46 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 4:36 pm
Statistics: Posted by araqiel — Fri Mar 29, 2024 4:32 pm
Example:/interface bridgeadd name=brtransit protocol-mode=none/interface macvlanadd interface=brtransit name=cust1tr1add interface=brtransit name=cust1tr2add interface=brtransit name=cust1tr3/interface macvlanadd interface=brtransit name=cust2tr1add interface=brtransit name=cust2tr2add interface=brtransit name=cust2tr3/interface macvlanadd interface=brtransit name=cust3tr1add interface=brtransit name=cust3tr2add interface=brtransit name=cust3tr3.../ip vrfadd name=cust1vrf interface=cust1tr1/ip vrfadd name=cust2vrf interface=cust2tr1/ip vrfadd name=cust3vrf interface=cust3tr1...
Statistics: Posted by emunt6 — Fri Mar 29, 2024 4:25 pm
delimiter=("\_")
Statistics: Posted by kevinds — Fri Mar 29, 2024 4:25 pm
Statistics: Posted by WeWiNet — Fri Mar 29, 2024 4:24 pm
This is unrelated to v7.15 release.This may be by default and supposed to work this way.
But, Using bgp, we had accidentally set redistribute static and connected in bgp.
We "thought" turning off our output network would turn off any outbound network advertisements. But, that static route still pushed to our upstream.
Statistics: Posted by gunther01 — Fri Mar 29, 2024 4:20 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 4:20 pm
Statistics: Posted by anav — Fri Mar 29, 2024 4:12 pm
How can I figure out what's going wrong in future attempts to import config blocks into ax2 if importing the config to the same ac2 with blank config, with the same ROS & packages fails?
Statistics: Posted by Amm0 — Fri Mar 29, 2024 4:05 pm
Statistics: Posted by DeDMorozzzz — Fri Mar 29, 2024 3:59 pm
Statistics: Posted by anav — Fri Mar 29, 2024 3:58 pm
Statistics: Posted by holvoetn — Fri Mar 29, 2024 3:48 pm
ranges: 2402-2482/20 5170-5250/23/indoor 5250-5330/23/indoor/dfs 5490-5710/30/dfs
Statistics: Posted by Nullcaller — Fri Mar 29, 2024 3:45 pm
# 2024-03-29 18:36:08 by RouterOS 7.14.2# software id = DUKC-5YI2## model = C53UiG+5HPaxD2HPaxD# serial number = HEX091TBKZQ/interface bridgeadd name=bridge1/interface ethernetset [ find default-name=ether1 ] comment="cAP AX+Synology"set [ find default-name=ether2 ] comment=WANset [ find default-name=ether3 ] comment="Samsung TV"set [ find default-name=ether4 ] comment="Zhenyulka "set [ find default-name=ether5 ] comment=Holl/interface listadd name=WANadd name=LAN/interface wifi channeladd band=5ghz-ax disabled=no frequency=\ 5180,5320,5240,5725,5850,5955,6115,6295,6575,6815,7015,7100,7155,7195 \ name=channel1_5 skip-dfs-channels=all width=20/40/80mhzadd band=2ghz-n disabled=no frequency=2412,2437,2452,2472 name=channel2_2.4 \ skip-dfs-channels=all width=20mhz/interface wifi configurationadd channel=channel2_2.4 country=Russia disabled=no mode=ap name=cfg2_2.4 \ security.ft=yes ssid=MikroTik_2.4 tx-power=15/interface wifi datapathadd bridge=bridge1 disabled=no name=datapath1/interface wifi configurationadd country=Russia datapath=datapath1 datapath.bridge=bridge1 disabled=no \ mode=ap name=cfg1_5 security.ft=yes ssid=MikroTik_5 tx-power=15/interface wifi securityadd authentication-types=wpa2-psk,wpa3-psk disable-pmkid=no disabled=no \ encryption="" ft=yes group-encryption=ccmp group-key-update=30m \ management-protection=allowed name=sec1_5add authentication-types=wpa-psk,wpa2-psk disable-pmkid=no disabled=no \ encryption="" ft=no group-encryption=ccmp group-key-update=30m \ management-protection=allowed name=sec2_2/interface wifiadd channel=channel1_5 configuration=cfg1_5 configuration.mode=ap .tx-power=\ 15 datapath=datapath1 disabled=no name=cap-wifi1_5 radio-mac=\ 48:A9:8A:C5:3B:7A security=sec1_5 security.ft=yesadd channel=channel2_2.4 configuration=cfg2_2.4 configuration.mode=ap \ datapath=datapath1 disabled=no name=cap-wifi2_2.4 radio-mac=\ 48:A9:8A:C5:3B:7B security=sec2_2 security.ft=yesset [ find default-name=wifi1 ] channel=channel1_5 configuration=cfg1_5 \ configuration.mode=ap datapath=datapath1 disabled=no name=wifi1_5 \ security=sec1_5 security.ft=yesset [ find default-name=wifi2 ] channel=channel2_2.4 configuration=cfg2_2.4 \ configuration.mode=ap datapath=datapath1 disabled=no name=wifi2_2.4 \ security=sec2_2 security.ft=yes/ip kid-controladd fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d thu=0s-1d tue=\ 0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=0s-1d tur-thu=\ 0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d/ip pooladd name=dhcp_pool1 ranges=192.168.1.2-192.168.1.35/ip dhcp-serveradd add-arp=yes address-pool=dhcp_pool1 interface=bridge1 lease-time=1h name=\ dhcp1/ip smb usersset [ find default=yes ] disabled=yes/system logging actionadd disk-file-name=usb1/log disk-lines-per-file=2000 name=usb1 target=disk/interface bridge portadd bridge=bridge1 interface=ether1add bridge=bridge1 interface=ether3add bridge=bridge1 interface=ether4add bridge=bridge1 interface=ether5add bridge=bridge1 interface=wifi1_5add bridge=bridge1 interface=wifi2_2.4/ip firewall connection trackingset tcp-established-timeout=15m/interface detect-internetset detect-interface-list=all/interface list memberadd interface=ether2 list=WANadd interface=bridge1 list=LAN/interface wifi access-listadd action=accept comment="Honor Magic4 Pro " disabled=no interface=any \ mac-address=68:A7:B4:18:F8:1Cadd action=accept comment="OnePlus 10 Pro" disabled=no interface=any \ mac-address=48:74:12:BF:18:87add action=accept comment="Yandex Station 1" disabled=no interface=\ cap-wifi2_2.4 mac-address=B8:87:6E:83:41:00add action=accept comment="Polaris PWK 1725CGLD" disabled=no interface=\ wifi2_2.4 mac-address=82:64:6F:A9:2D:8Fadd action=accept comment="Lamp 2" disabled=no interface=cap-wifi2_2.4 \ mac-address=A0:92:08:37:3A:39add action=accept comment="Grundig TV" disabled=no interface=wifi1_5 \ mac-address=BC:6B:FF:D8:74:E3add action=accept comment="Lamp 1" disabled=no interface=cap-wifi2_2.4 \ mac-address=A0:92:08:37:8E:55add action=accept comment="HONOR Choice Robot Cleaner R2+" disabled=no \ interface=any mac-address=20:67:E0:76:A8:9Cadd action=accept comment="Rozetka Smart Life" disabled=no interface=\ cap-wifi2_2.4 mac-address=C4:82:E1:2C:93:ACadd action=accept comment="Huawei mate 20X" disabled=no interface=any \ mac-address=48:3F:E9:66:62:EBadd action=accept comment="Yandex Station 2" disabled=no interface=wifi2_2.4 \ mac-address=3C:0B:4F:E6:A7:B4add action=accept comment="Xiaomi Mi Box S Gen 2" disabled=no interface=\ cap-wifi1_5 mac-address=4C:31:2D:ED:85:FBadd action=accept comment="OnePlus Nord CE 2 Lite 5G" disabled=no interface=\ any mac-address=48:74:12:E6:27:5Dadd action=accept comment="Realme C25S" disabled=no interface=any \ mac-address=E4:B5:03:2F:A9:EFadd action=reject comment="Blocking access to the WIFI network" disabled=no \ interface=any/interface wifi capsmanset ca-certificate=auto certificate=auto enabled=yes package-path="" \ require-peer-certificate=no upgrade-policy=require-same-version/interface wifi provisioningadd action=create-enabled disabled=no master-configuration=cfg2_2.4 \ name-format=cAP_2_2.4 radio-mac=00:00:00:00:00:00 supported-bands=2ghz-nadd action=create-enabled disabled=no master-configuration=cfg1_5 \ name-format=cAP_1_5 radio-mac=00:00:00:00:00:00 supported-bands=5ghz-ax/ip addressadd address=192.168.1.1/24 interface=bridge1 network=192.168.1.0/ip cloudset ddns-enabled=yes ddns-update-interval=30m/ip cloud advancedset use-local-address=yes/ip dhcp-clientadd interface=ether2/ip dhcp-server leaseadd address=192.168.1.8 client-id=1:c4:57:6e:75:3:c6 comment="Samsung TV" \ mac-address=C4:57:6E:75:03:C6 server=dhcp1add address=192.168.1.4 client-id=1:50:e5:49:85:7e:16 comment=\ "Comp Zhenyulka " mac-address=50:E5:49:85:7E:16 server=dhcp1add address=192.168.1.10 client-id=1:3c:83:75:e3:d4:98 comment=\ "Nokia 435 DS " mac-address=3C:83:75:E3:D4:98 server=dhcp1add address=192.168.1.12 client-id=1:48:5d:60:66:34:c6 comment="MSI notebook" \ mac-address=48:5D:60:66:34:C6 server=dhcp1add address=192.168.1.7 client-id=1:7c:a1:77:75:fc:2c comment=\ "Huawei Mate 10" mac-address=7C:A1:77:75:FC:2C server=dhcp1add address=192.168.1.16 client-id=1:0:11:32:1a:28:cb comment=\ "Synology DS 212J" mac-address=00:11:32:1A:28:CB server=dhcp1add address=192.168.1.18 client-id=1:b4:52:7d:68:d0:1b comment=\ "Sony Xperia Z" mac-address=B4:52:7D:68:D0:1B server=dhcp1add address=192.168.1.19 client-id=1:40:61:86:bb:db:38 comment=\ "MSI \ED\EE\F3\F2 (LAN)" mac-address=40:61:86:BB:DB:38 server=dhcp1add address=192.168.1.20 client-id=1:e0:24:81:45:49:68 comment="Honor 9X" \ mac-address=E0:24:81:45:49:68 server=dhcp1add address=192.168.1.21 client-id=1:48:3f:e9:66:62:eb comment=\ "Huawei mate 20X" mac-address=48:3F:E9:66:62:EB server=dhcp1add address=192.168.1.11 client-id=1:f8:1a:67:b6:1a:c8 comment="TP-Link WIFI" \ mac-address=F8:1A:67:B6:1A:C8 server=dhcp1add address=192.168.1.3 client-id=1:f0:2f:74:cb:72:52 comment="My comp" \ mac-address=F0:2F:74:CB:72:52 server=dhcp1add address=192.168.1.14 client-id=1:d4:8a:3b:5:a1:59 comment=\ "Xiaomi Mi Box S Gen 1" mac-address=D4:8A:3B:05:A1:59 server=dhcp1add address=192.168.1.23 client-id=1:f8:e4:3b:c7:dd:b5 comment=\ "Xiaomi Mi Box S (USB-LAN Adapter)" mac-address=F8:E4:3B:C7:DD:B5 server=\ dhcp1add address=192.168.1.26 comment=Lamp_2 mac-address=A0:92:08:37:3A:39 server=\ dhcp1add address=192.168.1.25 comment=Lamp_1 mac-address=A0:92:08:37:8E:55 server=\ dhcp1add address=192.168.1.17 client-id=1:e8:48:b8:f:96:f0 comment=\ "TP-Link Smart Swith" mac-address=E8:48:B8:0F:96:F0 server=dhcp1add address=192.168.1.27 client-id=1:b2:4c:ca:8d:a2:33 comment=\ "Google Pixel 6 Pro" mac-address=B2:4C:CA:8D:A2:33 server=dhcp1add address=192.168.1.5 client-id=1:68:a7:b4:18:f8:1c comment=\ "Honor magic 4 Pro" mac-address=68:A7:B4:18:F8:1C server=dhcp1add address=192.168.1.24 client-id=\ ff:6e:83:41:0:0:1:0:1:c7:92:bc:88:b8:87:6e:83:41:0 comment=\ "Yandex Station 1" mac-address=B8:87:6E:83:41:00 server=dhcp1add address=192.168.1.29 comment="Polaris PWK 1725CGLD" mac-address=\ 82:64:6F:A9:2D:8F server=dhcp1add address=192.168.1.9 comment="Rozetka Smart life" mac-address=\ C4:82:E1:2C:93:AC server=dhcp1add address=192.168.1.13 client-id=1:48:74:12:bf:18:87 comment=\ OnePlus-10-Pro-5G mac-address=48:74:12:BF:18:87 server=dhcp1add address=192.168.1.31 client-id=1:bc:6b:ff:d8:74:e3 comment="Grundig TV" \ mac-address=BC:6B:FF:D8:74:E3 server=dhcp1add address=192.168.1.2 client-id=1:48:a9:8a:c5:3b:78 comment=\ "Mikrotik cAP ax" mac-address=48:A9:8A:C5:3B:78 server=dhcp1 use-src-mac=\ yesadd address=192.168.1.28 comment="HONOR Choice Robot Cleaner R2 Plus " \ mac-address=20:67:E0:76:A8:9C server=dhcp1add address=192.168.1.6 client-id=\ ff:4f:e6:a7:b4:0:1:0:1:c7:92:bc:86:3c:b:5f:e6:a7:b4 comment=\ "Yandex Station 2" mac-address=3C:0B:4F:E6:A7:B4 server=dhcp1add address=192.168.1.30 client-id=1:4c:31:2d:ed:85:fb comment=\ "Xiaomi Mi Box S Gen 2" mac-address=4C:31:2D:ED:85:FB server=dhcp1add address=192.168.1.22 client-id=1:e4:b5:3:2f:a9:ef comment="Realme C25S" \ mac-address=E4:B5:03:2F:A9:EF server=dhcp1add address=192.168.1.15 client-id=1:48:74:12:e6:27:5d comment=\ "OnePlus Nord CE 2 Lite 5G" mac-address=48:74:12:E6:27:5D server=dhcp1/ip dhcp-server networkadd address=192.168.1.0/24 gateway=192.168.1.1/ip dnsset allow-remote-requests=yes cache-max-ttl=1d/ip firewall address-listadd list=ftp_blacklistadd address=109.195.96.1 list=DNSServersadd address=5.3.3.3 list=DNSServers/ip firewall filteradd action=fasttrack-connection chain=forward comment="FastTrack Connection" \ connection-state=established,related hw-offload=yesadd action=fasttrack-connection chain=forward hw-offload=yes in-interface=\ bridge1 out-interface=ether2add action=accept chain=input comment="Allow IGMP" in-interface=ether2 \ protocol=igmpadd action=accept chain=forward comment="IPTV UDP forwarding" dst-port=1234 \ protocol=udpadd action=drop chain=input comment="Drop hackers" in-interface-list=WAN \ src-address-list=BlackLisadd action=drop chain=input dst-port=53 in-interface=ether2 protocol=udp \ src-address-list="dns spoofing"add action=drop chain=input comment="drop ftp brute forcers" dst-port=\ 21,55536-55537 protocol=tcp src-address-list=ftp_blacklistadd action=drop chain=input src-address-list="Scanner Port"add action=accept chain=input protocol=icmpadd action=accept chain=input connection-state=establishedadd action=accept chain=input connection-state=relatedadd action=accept chain=input comment="Dostup snarugy" dst-port=8291 \ protocol=tcpadd action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \ protocol=udpadd action=accept chain=input comment="allow IKE" dst-port=500 protocol=udpadd action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udpadd action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcpadd action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcpadd action=accept chain=input connection-state=established,relatedadd action=accept chain=forward connection-state=established,relatedadd action=accept chain=input in-interface=ether2 limit=50/5s,2:packet \ protocol=icmpadd action=accept chain=forward dst-port=80 in-interface=ether2 protocol=tcpadd action=accept chain=output content="530 Login incorrect" dst-limit=\ 1/1m,9,dst-address/1m protocol=tcpadd action=drop chain=forward connection-state=established,related \ in-interface=ether2 out-interface=bridge1add action=drop chain=forward connection-state=invalidadd action=drop chain=input connection-state=invalidadd action=drop chain=forward connection-state=invalidadd action=add-dst-to-address-list address-list=ftp_blacklist \ address-list-timeout=4w2d chain=output content="530 Login incorrect" \ protocol=tcpadd action=add-src-to-address-list address-list="dns spoofing" \ address-list-timeout=2h chain=input dst-port=53 in-interface=ether2 \ protocol=udpadd action=add-src-to-address-list address-list=BlackList chain=input \ comment="DDoS DNS" in-interface-list=WAN protocol=udp src-address-list=\ !DNSServers src-port=53add action=add-src-to-address-list address-list=BlackList chain=input \ comment="Drop external DNS connections" dst-port=53 in-interface-list=WAN \ protocol=udpadd action=add-src-to-address-list address-list=BlackList chain=input \ comment="Drop external DNS connections" dst-port=53 in-interface-list=WAN \ protocol=tcpadd action=accept chain=input comment=NTP-Allow dst-port=123 protocol=udp/ip firewall natadd action=masquerade chain=srcnat out-interface=ether2add action=dst-nat chain=dstnat dst-port=55536-55537 in-interface=ether2 log=\ yes protocol=tcp to-addresses=192.168.1.16 to-ports=55536-55537add action=dst-nat chain=dstnat dst-port=212 in-interface=ether2 log=yes \ protocol=tcp to-addresses=192.168.1.16 to-ports=212/ip serviceset telnet disabled=yesset ftp disabled=yesset www disabled=yesset ssh disabled=yesset api disabled=yesset api-ssl disabled=yes/ip smb sharesset [ find default=yes ] directory=/pub/ipv6 dhcp-clientadd interface=ether2 pool-name=ipv6-pool request=address,prefix/system clockset time-zone-name=Asia/Astana /system identityset name="MikroTik hAP AX^3"/system loggingset 0 action=usb1set 1 action=usb1set 2 action=usb1set 3 action=usb1/system noteset show-at-login=no/system ntp clientset enabled=yes/system ntp serverset enabled=yes manycast=yes multicast=yes/system ntp client serversadd address=ntp0.ntp-servers.netadd address=ntp2.ntp-servers.netadd address=ntp6.ntp-servers.net/system routerboard settingsset auto-upgrade=yes/tool romonset enabled=yes
Statistics: Posted by AtisE — Fri Mar 29, 2024 3:44 pm