Statistics: Posted by Amm0 — Fri Mar 29, 2024 5:58 pm
Statistics: Posted by mkx — Fri Mar 29, 2024 5:46 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 5:43 pm
Statistics: Posted by Seko777 — Fri Mar 29, 2024 5:40 pm
Statistics: Posted by mkx — Fri Mar 29, 2024 5:37 pm
Statistics: Posted by jaclaz — Fri Mar 29, 2024 5:22 pm
Statistics: Posted by sirbryan — Fri Mar 29, 2024 5:06 pm
Statistics: Posted by mozerd — Fri Mar 29, 2024 5:01 pm
Statistics: Posted by anav — Fri Mar 29, 2024 4:58 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 4:58 pm
# 2RouterOS 7.14.1
#
#
# model = RBD52G-5HacD2HnD
#
/interface bridge
add ingress-filtering=no name=bridge1 vlan-filtering=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
    use-peer-dns=yes user=
/interface vlan
add interface=bridge1 name=vlan-ezio vlan-id=200
add interface=bridge1 name=vlan-ufficio vlan-id=100
/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp_pool0 ranges=192.168.1.100-192.168.1.200
add name=dhcp_pool1 ranges=10.0.0.100-10.0.0.200
/ip dhcp-server
add address-pool=dhcp_pool0 interface=vlan-ufficio name=dhcp1
add address-pool=dhcp_pool1 interface=vlan-ezio name=dhcp2
/queue type
add fq-codel-limit=1000 fq-codel-quantum=300 fq-codel-target=12ms kind=fq-codel \
    name=fq-codel
/queue tree
add max-limit=30M name="Total Download" parent=bridge1 queue=fq-codel
add name="Other Traffic down" packet-mark=no-mark parent="Total Download" \
    queue=fq-codel
add name=HyperBackup packet-mark=hyperbackup_packets parent="Total Download" \
    priority=7 queue=fq-codel
add name=Ezio packet-mark=ezio_packets parent="Total Download" priority=6 \
    queue=fq-codel
add name=Azienda packet-mark=azienda_packets parent="Total Download" priority=5 \
    queue=fq-codel
add name=VoIP packet-mark=VoIP_packets parent="Total Download" priority=1 \
    queue=fq-codel
add max-limit=3M name="Total Upload" parent=pppoe-out1 queue=fq-codel
add name=VoIP_Up packet-mark=VoIP_packets parent="Total Upload" priority=1 \
    queue=fq-codel
add name=Azienda_Up packet-mark=azienda_packets parent="Total Upload" priority=\
    5 queue=fq-codel
add name=Ezio_Up packet-mark=ezio_packets parent="Total Upload" priority=6 \
    queue=fq-codel
add name=Hyperbackup_Upload packet-mark=hyperbackup_packets parent=\
    "Total Upload" priority=7 queue=fq-codel
add name="Other Traffic Upload" packet-mark=no-mark parent="Total Upload" \
    queue=fq-codel
/ip address
add address=192.168.1.1/24 interface=vlan-ufficio network=192.168.1.0
add address=10.0.0.1/24 interface=vlan-ezio network=10.0.0.0
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=10.0.0.1 gateway=10.0.0.1
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
/ip firewall mangle
add action=mark-connection chain=forward comment="VoIP Conn" dst-address-list=\
    VoipVoice new-connection-mark=VoIP_conn passthrough=yes src-address-list=\
    LAN
add action=mark-connection chain=forward dst-address-list=LAN \
    new-connection-mark=VoIP_conn passthrough=yes src-address-list=VoipVoice
add action=mark-packet chain=forward comment="VoIP Packets" connection-mark=\
    VoIP_conn new-packet-mark=VoIP_packets passthrough=no
add action=mark-connection chain=forward comment="Hyper Backup Conn" \
    dst-address=***** dst-port=61281 new-connection-mark=\
    hyperbackup_conn out-interface=pppoe-out1 passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="Hyper Backup Packets" \
    connection-mark=hyperbackup_conn new-packet-mark=hyperbackup_packets \
    passthrough=no
add action=mark-connection chain=forward comment="Azienda Conn" \
    new-connection-mark=azienda_conn out-interface=pppoe-out1 passthrough=yes \
    src-address=192.168.1.0/24
add action=mark-packet chain=forward comment="Azienda Packets" connection-mark=\
    azienda_conn new-packet-mark=azienda_packets passthrough=no
add action=mark-connection chain=forward comment="Ezio Conn" \
    new-connection-mark=ezio_conn out-interface=pppoe-out1 passthrough=yes \
    src-address=10.0.0.0/24
add action=mark-packet chain=forward comment="Ezio Packets" connection-mark=\
    ezio_conn new-packet-mark=ezio_packets passthrough=no
Statistics: Posted by simonefil — Fri Mar 29, 2024 4:55 pm
Statistics: Posted by anav — Fri Mar 29, 2024 4:46 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 4:36 pm
Statistics: Posted by araqiel — Fri Mar 29, 2024 4:32 pm
Example:
/interface bridge
add name=brtransit protocol-mode=none
/interface macvlan
add interface=brtransit name=cust1tr1
add interface=brtransit name=cust1tr2
add interface=brtransit name=cust1tr3
/interface macvlan
add interface=brtransit name=cust2tr1
add interface=brtransit name=cust2tr2
add interface=brtransit name=cust2tr3
/interface macvlan
add interface=brtransit name=cust3tr1
add interface=brtransit name=cust3tr2
add interface=brtransit name=cust3tr3
...
/ip vrf
add name=cust1vrf interface=cust1tr1
/ip vrf
add name=cust2vrf interface=cust2tr1
/ip vrf
add name=cust3vrf interface=cust3tr1
...
Statistics: Posted by emunt6 — Fri Mar 29, 2024 4:25 pm
delimiter=("\_")
Statistics: Posted by kevinds — Fri Mar 29, 2024 4:25 pm
Statistics: Posted by WeWiNet — Fri Mar 29, 2024 4:24 pm
This is unrelated to v7.15 release.
This may be by default and supposed to work this way.
But, using BGP, we had accidentally set redistribute static and connected in BGP.
We "thought" turning off our output network would turn off any outbound network advertisements. But, that static route still pushed to our upstream.
Statistics: Posted by gunther01 — Fri Mar 29, 2024 4:20 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 4:20 pm
Statistics: Posted by anav — Fri Mar 29, 2024 4:12 pm
How can I figure out what's going wrong in future attempts to import config blocks into ax2 if importing the config to the same ac2 with blank config, with the same ROS & packages fails?
Statistics: Posted by Amm0 — Fri Mar 29, 2024 4:05 pm
Statistics: Posted by DeDMorozzzz — Fri Mar 29, 2024 3:59 pm
Statistics: Posted by anav — Fri Mar 29, 2024 3:58 pm
Statistics: Posted by holvoetn — Fri Mar 29, 2024 3:48 pm
ranges: 2402-2482/20 5170-5250/23/indoor 5250-5330/23/indoor/dfs 5490-5710/30/dfs
Statistics: Posted by Nullcaller — Fri Mar 29, 2024 3:45 pm
# 2024-03-29 18:36:08 by RouterOS 7.14.2
# software id = DUKC-5YI2
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = HEX091TBKZQ
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] comment="cAP AX+Synology"
set [ find default-name=ether2 ] comment=WAN
set [ find default-name=ether3 ] comment="Samsung TV"
set [ find default-name=ether4 ] comment="Zhenyulka "
set [ find default-name=ether5 ] comment=Holl
/interface list
add name=WAN
add name=LAN
/interface wifi channel
add band=5ghz-ax disabled=no frequency=\
    5180,5320,5240,5725,5850,5955,6115,6295,6575,6815,7015,7100,7155,7195 \
    name=channel1_5 skip-dfs-channels=all width=20/40/80mhz
add band=2ghz-n disabled=no frequency=2412,2437,2452,2472 name=channel2_2.4 \
    skip-dfs-channels=all width=20mhz
/interface wifi configuration
add channel=channel2_2.4 country=Russia disabled=no mode=ap name=cfg2_2.4 \
    security.ft=yes ssid=MikroTik_2.4 tx-power=15
/interface wifi datapath
add bridge=bridge1 disabled=no name=datapath1
/interface wifi configuration
add country=Russia datapath=datapath1 datapath.bridge=bridge1 disabled=no \
    mode=ap name=cfg1_5 security.ft=yes ssid=MikroTik_5 tx-power=15
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=no disabled=no \
    encryption="" ft=yes group-encryption=ccmp group-key-update=30m \
    management-protection=allowed name=sec1_5
add authentication-types=wpa-psk,wpa2-psk disable-pmkid=no disabled=no \
    encryption="" ft=no group-encryption=ccmp group-key-update=30m \
    management-protection=allowed name=sec2_2
/interface wifi
add channel=channel1_5 configuration=cfg1_5 configuration.mode=ap .tx-power=\
    15 datapath=datapath1 disabled=no name=cap-wifi1_5 radio-mac=\
    48:A9:8A:C5:3B:7A security=sec1_5 security.ft=yes
add channel=channel2_2.4 configuration=cfg2_2.4 configuration.mode=ap \
    datapath=datapath1 disabled=no name=cap-wifi2_2.4 radio-mac=\
    48:A9:8A:C5:3B:7B security=sec2_2 security.ft=yes
set [ find default-name=wifi1 ] channel=channel1_5 configuration=cfg1_5 \
    configuration.mode=ap datapath=datapath1 disabled=no name=wifi1_5 \
    security=sec1_5 security.ft=yes
set [ find default-name=wifi2 ] channel=channel2_2.4 configuration=cfg2_2.4 \
    configuration.mode=ap datapath=datapath1 disabled=no name=wifi2_2.4 \
    security=sec2_2 security.ft=yes
/ip kid-control
add fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d thu=0s-1d tue=\
    0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=0s-1d tur-thu=\
    0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d
/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.35
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 interface=bridge1 lease-time=1h name=\
    dhcp1
/ip smb users
set [ find default=yes ] disabled=yes
/system logging action
add disk-file-name=usb1/log disk-lines-per-file=2000 name=usb1 target=disk
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wifi1_5
add bridge=bridge1 interface=wifi2_2.4
/ip firewall connection tracking
set tcp-established-timeout=15m
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether2 list=WAN
add interface=bridge1 list=LAN
/interface wifi access-list
add action=accept comment="Honor Magic4 Pro " disabled=no interface=any \
    mac-address=68:A7:B4:18:F8:1C
add action=accept comment="OnePlus 10 Pro" disabled=no interface=any \
    mac-address=48:74:12:BF:18:87
add action=accept comment="Yandex Station 1" disabled=no interface=\
    cap-wifi2_2.4 mac-address=B8:87:6E:83:41:00
add action=accept comment="Polaris PWK 1725CGLD" disabled=no interface=\
    wifi2_2.4 mac-address=82:64:6F:A9:2D:8F
add action=accept comment="Lamp 2" disabled=no interface=cap-wifi2_2.4 \
    mac-address=A0:92:08:37:3A:39
add action=accept comment="Grundig TV" disabled=no interface=wifi1_5 \
    mac-address=BC:6B:FF:D8:74:E3
add action=accept comment="Lamp 1" disabled=no interface=cap-wifi2_2.4 \
    mac-address=A0:92:08:37:8E:55
add action=accept comment="HONOR Choice Robot Cleaner R2+" disabled=no \
    interface=any mac-address=20:67:E0:76:A8:9C
add action=accept comment="Rozetka Smart Life" disabled=no interface=\
    cap-wifi2_2.4 mac-address=C4:82:E1:2C:93:AC
add action=accept comment="Huawei mate 20X" disabled=no interface=any \
    mac-address=48:3F:E9:66:62:EB
add action=accept comment="Yandex Station 2" disabled=no interface=wifi2_2.4 \
    mac-address=3C:0B:4F:E6:A7:B4
add action=accept comment="Xiaomi Mi Box S Gen 2" disabled=no interface=\
    cap-wifi1_5 mac-address=4C:31:2D:ED:85:FB
add action=accept comment="OnePlus Nord CE 2 Lite 5G" disabled=no interface=\
    any mac-address=48:74:12:E6:27:5D
add action=accept comment="Realme C25S" disabled=no interface=any \
    mac-address=E4:B5:03:2F:A9:EF
add action=reject comment="Blocking access to the WIFI network" disabled=no \
    interface=any
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes package-path="" \
    require-peer-certificate=no upgrade-policy=require-same-version
/interface wifi provisioning
add action=create-enabled disabled=no master-configuration=cfg2_2.4 \
    name-format=cAP_2_2.4 radio-mac=00:00:00:00:00:00 supported-bands=2ghz-n
add action=create-enabled disabled=no master-configuration=cfg1_5 \
    name-format=cAP_1_5 radio-mac=00:00:00:00:00:00 supported-bands=5ghz-ax
/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=30m
/ip cloud advanced
set use-local-address=yes
/ip dhcp-client
add interface=ether2
/ip dhcp-server lease
add address=192.168.1.8 client-id=1:c4:57:6e:75:3:c6 comment="Samsung TV" \
    mac-address=C4:57:6E:75:03:C6 server=dhcp1
add address=192.168.1.4 client-id=1:50:e5:49:85:7e:16 comment=\
    "Comp Zhenyulka " mac-address=50:E5:49:85:7E:16 server=dhcp1
add address=192.168.1.10 client-id=1:3c:83:75:e3:d4:98 comment=\
    "Nokia 435 DS " mac-address=3C:83:75:E3:D4:98 server=dhcp1
add address=192.168.1.12 client-id=1:48:5d:60:66:34:c6 comment="MSI notebook" \
    mac-address=48:5D:60:66:34:C6 server=dhcp1
add address=192.168.1.7 client-id=1:7c:a1:77:75:fc:2c comment=\
    "Huawei Mate 10" mac-address=7C:A1:77:75:FC:2C server=dhcp1
add address=192.168.1.16 client-id=1:0:11:32:1a:28:cb comment=\
    "Synology DS 212J" mac-address=00:11:32:1A:28:CB server=dhcp1
add address=192.168.1.18 client-id=1:b4:52:7d:68:d0:1b comment=\
    "Sony Xperia Z" mac-address=B4:52:7D:68:D0:1B server=dhcp1
add address=192.168.1.19 client-id=1:40:61:86:bb:db:38 comment=\
    "MSI \ED\EE\F3\F2 (LAN)" mac-address=40:61:86:BB:DB:38 server=dhcp1
add address=192.168.1.20 client-id=1:e0:24:81:45:49:68 comment="Honor 9X" \
    mac-address=E0:24:81:45:49:68 server=dhcp1
add address=192.168.1.21 client-id=1:48:3f:e9:66:62:eb comment=\
    "Huawei mate 20X" mac-address=48:3F:E9:66:62:EB server=dhcp1
add address=192.168.1.11 client-id=1:f8:1a:67:b6:1a:c8 comment="TP-Link WIFI" \
    mac-address=F8:1A:67:B6:1A:C8 server=dhcp1
add address=192.168.1.3 client-id=1:f0:2f:74:cb:72:52 comment="My comp" \
    mac-address=F0:2F:74:CB:72:52 server=dhcp1
add address=192.168.1.14 client-id=1:d4:8a:3b:5:a1:59 comment=\
    "Xiaomi Mi Box S Gen 1" mac-address=D4:8A:3B:05:A1:59 server=dhcp1
add address=192.168.1.23 client-id=1:f8:e4:3b:c7:dd:b5 comment=\
    "Xiaomi Mi Box S (USB-LAN Adapter)" mac-address=F8:E4:3B:C7:DD:B5 server=\
    dhcp1
add address=192.168.1.26 comment=Lamp_2 mac-address=A0:92:08:37:3A:39 server=\
    dhcp1
add address=192.168.1.25 comment=Lamp_1 mac-address=A0:92:08:37:8E:55 server=\
    dhcp1
add address=192.168.1.17 client-id=1:e8:48:b8:f:96:f0 comment=\
    "TP-Link Smart Swith" mac-address=E8:48:B8:0F:96:F0 server=dhcp1
add address=192.168.1.27 client-id=1:b2:4c:ca:8d:a2:33 comment=\
    "Google Pixel 6 Pro" mac-address=B2:4C:CA:8D:A2:33 server=dhcp1
add address=192.168.1.5 client-id=1:68:a7:b4:18:f8:1c comment=\
    "Honor magic 4 Pro" mac-address=68:A7:B4:18:F8:1C server=dhcp1
add address=192.168.1.24 client-id=\
    ff:6e:83:41:0:0:1:0:1:c7:92:bc:88:b8:87:6e:83:41:0 comment=\
    "Yandex Station 1" mac-address=B8:87:6E:83:41:00 server=dhcp1
add address=192.168.1.29 comment="Polaris PWK 1725CGLD" mac-address=\
    82:64:6F:A9:2D:8F server=dhcp1
add address=192.168.1.9 comment="Rozetka Smart life" mac-address=\
    C4:82:E1:2C:93:AC server=dhcp1
add address=192.168.1.13 client-id=1:48:74:12:bf:18:87 comment=\
    OnePlus-10-Pro-5G mac-address=48:74:12:BF:18:87 server=dhcp1
add address=192.168.1.31 client-id=1:bc:6b:ff:d8:74:e3 comment="Grundig TV" \
    mac-address=BC:6B:FF:D8:74:E3 server=dhcp1
add address=192.168.1.2 client-id=1:48:a9:8a:c5:3b:78 comment=\
    "Mikrotik cAP ax" mac-address=48:A9:8A:C5:3B:78 server=dhcp1 use-src-mac=\
    yes
add address=192.168.1.28 comment="HONOR Choice Robot Cleaner R2 Plus " \
    mac-address=20:67:E0:76:A8:9C server=dhcp1
add address=192.168.1.6 client-id=\
    ff:4f:e6:a7:b4:0:1:0:1:c7:92:bc:86:3c:b:5f:e6:a7:b4 comment=\
    "Yandex Station 2" mac-address=3C:0B:4F:E6:A7:B4 server=dhcp1
add address=192.168.1.30 client-id=1:4c:31:2d:ed:85:fb comment=\
    "Xiaomi Mi Box S Gen 2" mac-address=4C:31:2D:ED:85:FB server=dhcp1
add address=192.168.1.22 client-id=1:e4:b5:3:2f:a9:ef comment="Realme C25S" \
    mac-address=E4:B5:03:2F:A9:EF server=dhcp1
add address=192.168.1.15 client-id=1:48:74:12:e6:27:5d comment=\
    "OnePlus Nord CE 2 Lite 5G" mac-address=48:74:12:E6:27:5D server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d
/ip firewall address-list
add list=ftp_blacklist
add address=109.195.96.1 list=DNSServers
add address=5.3.3.3 list=DNSServers
/ip firewall filter
add action=fasttrack-connection chain=forward comment="FastTrack Connection" \
    connection-state=established,related hw-offload=yes
add action=fasttrack-connection chain=forward hw-offload=yes in-interface=\
    bridge1 out-interface=ether2
add action=accept chain=input comment="Allow IGMP" in-interface=ether2 \
    protocol=igmp
add action=accept chain=forward comment="IPTV UDP forwarding" dst-port=1234 \
    protocol=udp
add action=drop chain=input comment="Drop hackers" in-interface-list=WAN \
    src-address-list=BlackLis
add action=drop chain=input dst-port=53 in-interface=ether2 protocol=udp \
    src-address-list="dns spoofing"
add action=drop chain=input comment="drop ftp brute forcers" dst-port=\
    21,55536-55537 protocol=tcp src-address-list=ftp_blacklist
add action=drop chain=input src-address-list="Scanner Port"
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=accept chain=input comment="Dostup snarugy" dst-port=8291 \
    protocol=tcp
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
    protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=accept chain=input connection-state=established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=input in-interface=ether2 limit=50/5s,2:packet \
    protocol=icmp
add action=accept chain=forward dst-port=80 in-interface=ether2 protocol=tcp
add action=accept chain=output content="530 Login incorrect" dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
add action=drop chain=forward connection-state=established,related \
    in-interface=ether2 out-interface=bridge1
add action=drop chain=forward connection-state=invalid
add action=drop chain=input connection-state=invalid
add action=drop chain=forward connection-state=invalid
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=4w2d chain=output content="530 Login incorrect" \
    protocol=tcp
add action=add-src-to-address-list address-list="dns spoofing" \
    address-list-timeout=2h chain=input dst-port=53 in-interface=ether2 \
    protocol=udp
add action=add-src-to-address-list address-list=BlackList chain=input \
    comment="DDoS DNS" in-interface-list=WAN protocol=udp src-address-list=\
    !DNSServers src-port=53
add action=add-src-to-address-list address-list=BlackList chain=input \
    comment="Drop external DNS connections" dst-port=53 in-interface-list=WAN \
    protocol=udp
add action=add-src-to-address-list address-list=BlackList chain=input \
    comment="Drop external DNS connections" dst-port=53 in-interface-list=WAN \
    protocol=tcp
add action=accept chain=input comment=NTP-Allow dst-port=123 protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2
add action=dst-nat chain=dstnat dst-port=55536-55537 in-interface=ether2 log=\
    yes protocol=tcp to-addresses=192.168.1.16 to-ports=55536-55537
add action=dst-nat chain=dstnat dst-port=212 in-interface=ether2 log=yes \
    protocol=tcp to-addresses=192.168.1.16 to-ports=212
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/ipv6 dhcp-client
add interface=ether2 pool-name=ipv6-pool request=address,prefix
/system clock
set time-zone-name=Asia/Astana
/system identity
set name="MikroTik hAP AX^3"
/system logging
set 0 action=usb1
set 1 action=usb1
set 2 action=usb1
set 3 action=usb1
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes manycast=yes multicast=yes
/system ntp client servers
add address=ntp0.ntp-servers.net
add address=ntp2.ntp-servers.net
add address=ntp6.ntp-servers.net
/system routerboard settings
set auto-upgrade=yes
/tool romon
set enabled=yes
Statistics: Posted by AtisE — Fri Mar 29, 2024 3:44 pm
Statistics: Posted by hatred — Fri Mar 29, 2024 3:39 pm
You would need to buy at least a hAP ax2.
Maybe the solution is to buy some new HAPs?
Statistics: Posted by pe1chl — Fri Mar 29, 2024 3:39 pm
Statistics: Posted by giovanniv — Fri Mar 29, 2024 3:37 pm
Statistics: Posted by mozerd — Fri Mar 29, 2024 3:37 pm
Statistics: Posted by tookiehr — Fri Mar 29, 2024 3:30 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 3:28 pm
Statistics: Posted by anav — Fri Mar 29, 2024 3:26 pm
How can I figure out what's going wrong in future attempts to import config blocks into ax2 if importing the config to the same ac2 with blank config, with the same ROS & packages fails?
Best to use notepad/notepad++ and import config block by block using copy/paste on terminal, observing what is already present as default.
Be aware that i.e. the 2.4GHz radio on the ac2 is wifi1, while it is wifi2 on the ax2. And it is in a new menu structure, so better not import it, just set it manually.
Statistics: Posted by hatred — Fri Mar 29, 2024 3:25 pm
Statistics: Posted by anav — Fri Mar 29, 2024 3:21 pm
Statistics: Posted by Wlad3 — Fri Mar 29, 2024 3:21 pm
CAPsMAN disabled on Router and APs
Regarding the channel and dBm, do you know if setting the country in the AP configs is enough for the AP to ensure I'm using the allowed channels?
Also, the 30 dBm should be set in the TX power or in the antenna gain?
Statistics: Posted by Nullcaller — Fri Mar 29, 2024 3:19 pm
Statistics: Posted by anav — Fri Mar 29, 2024 3:18 pm
Statistics: Posted by sindy — Fri Mar 29, 2024 2:57 pm
Statistics: Posted by holvoetn — Fri Mar 29, 2024 2:52 pm
Statistics: Posted by sebus46 — Fri Mar 29, 2024 2:44 pm
export file=filename show-sensitive
export file=filename show-sensitive verbose
This is a different question, please note that I’m trying to import the config to the same ac2 with the same ROS & packages from which I just exported it.
Be aware that i.e. the 2.4GHz radio on the ac2 is wifi1, while it is wifi2 on the ax2. And it is in a new menu structure, so better not import it, just set it manually.
Statistics: Posted by hatred — Fri Mar 29, 2024 2:44 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 2:40 pm
Statistics: Posted by emunt6 — Fri Mar 29, 2024 2:35 pm
Statistics: Posted by tangent — Fri Mar 29, 2024 2:33 pm
Statistics: Posted by tangent — Fri Mar 29, 2024 2:26 pm
Statistics: Posted by holvoetn — Fri Mar 29, 2024 2:26 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 2:22 pm
Statistics: Posted by jaclaz — Fri Mar 29, 2024 2:19 pm
Also, consider using the 4x4 radios for backhaul. Approximately 0% of client devices can do 4x4. You probably don't need it on the wifi itself. But your backhaul performance will improve. Especially if you're allowed to use channel 149 (5745 MHz) at 30 dBm in your country.
Trust me, with wireless backhaul, unless you have paper-thin walls, you really want to use that sweet 30 dBm TX power. Normally setting it that high is somewhat of a folly, as the client device can't answer the AP at the same power level. But in this case, the client device is an AP. So it totally can, and you'll get a big speed improvement both up and down, as well as improved stability.
Statistics: Posted by synchro — Fri Mar 29, 2024 2:19 pm
Statistics: Posted by Amm0 — Fri Mar 29, 2024 2:10 pm
Statistics: Posted by erlinden — Fri Mar 29, 2024 2:09 pm
Statistics: Posted by hatred — Fri Mar 29, 2024 2:05 pm
Statistics: Posted by ohilton576 — Fri Mar 29, 2024 1:57 pm
Statistics: Posted by holvoetn — Fri Mar 29, 2024 1:55 pm
Statistics: Posted by korg — Fri Mar 29, 2024 1:34 pm
Can this be real? Hap ax3 has 1GB of RAM.
This is probably true-memory overflow, and subsequent reboot in order to clear it (at the moment, the rest of the memory is 30-35 MB)
Statistics: Posted by AtisE — Fri Mar 29, 2024 1:22 pm
Statistics: Posted by korg — Fri Mar 29, 2024 1:19 pm
Statistics: Posted by anav — Fri Mar 29, 2024 1:14 pm
Statistics: Posted by anav — Fri Mar 29, 2024 1:13 pm
Statistics: Posted by mkx — Fri Mar 29, 2024 1:05 pm
Statistics: Posted by holvoetn — Fri Mar 29, 2024 12:58 pm
Statistics: Posted by holvoetn — Fri Mar 29, 2024 12:55 pm
add client-endpoint=endpoint.dns.name endpoint-port=15847 allowed-address=192.168.34.3 interface=int-wireguard private-key="MC4CAQAwBQYDK2VuBCIEIKgK/XB5nVWICe7sgyj2psIBBJPjBtnrDJHbDnf6yrhn" public-key="MCowBQYDK2VuAyEAx99o0n3hPfnEJAmYtaIyVufc2veV9CaHSKE8ubFOKQc="
[Interface]
ListenPort = 51820
PrivateKey = MC4CAQAwBQYDK2VuBCIEIKgK/XB5nVWICe7sgyj2psIBBJPjBtnrDJHbDnf6yrhn
Address = 192.168.177.2/24
[Peer]
PublicKey = MTl3/lv1yI9r4t/FsJufTrFQy1iyqs1etDxMqzRaODU=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = endpoint.dns.name:16321
Statistics: Posted by sebus46 — Fri Mar 29, 2024 12:40 pm
Statistics: Posted by holvoetn — Fri Mar 29, 2024 12:34 pm
Statistics: Posted by abdullanetworking — Fri Mar 29, 2024 12:26 pm
Statistics: Posted by infabo — Fri Mar 29, 2024 12:21 pm
Statistics: Posted by mrz — Fri Mar 29, 2024 12:19 pm
Statistics: Posted by CGGXANNX — Fri Mar 29, 2024 12:18 pm
Statistics: Posted by holvoetn — Fri Mar 29, 2024 12:16 pm
#model = L41G-2axD
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface wifi
set [ find default-name=wifi1 ] channel.band=2ghz-ax .width=20/40mhz configuration.country=Spain .mode=ap .ssid=VLAN10-HOME disabled=no name=VLAN10-HOME
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=VLAN10-HOME pvid=10
/interface bridge vlan
add bridge=bridge1 tagged=ether1 vlan-ids=10
/ip dhcp-client
add interface=bridge1
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes
#model = L41G-2axD
/interface bridge
add name=bridge1
/interface wifi
set [ find default-name=wifi1 ] channel.band=2ghz-ax .frequency=2452 .width=20/40mhz-Ce configuration.country=Spain .mode=ap .ssid=VLAN10-TEST datapath.vlan-id=10 disabled=no name=VLAN10-TEST
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=VLAN10-TEST pvid=10
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes
Statistics: Posted by fibracapi — Fri Mar 29, 2024 12:12 pm
Statistics: Posted by danriis — Fri Mar 29, 2024 12:04 pm
Statistics: Posted by collerok — Fri Mar 29, 2024 12:00 pm
Statistics: Posted by Adephx — Fri Mar 29, 2024 11:40 am
Favorite: one-on-one interaction with an expert. Second-best: well-written text (optionally with pictures). Least favorite: podcasts & youtube videos.
What is your favorite way to learn?
Statistics: Posted by cmmike — Fri Mar 29, 2024 11:21 am
Statistics: Posted by bratislav — Fri Mar 29, 2024 11:14 am
Statistics: Posted by ondrejstepanek — Fri Mar 29, 2024 11:11 am
Statistics: Posted by Buckeye — Fri Mar 29, 2024 11:06 am
Statistics: Posted by DenisPDA — Fri Mar 29, 2024 11:05 am
version: 2.17
status: ERROR: file not found
Statistics: Posted by Valathar — Fri Mar 29, 2024 11:04 am
host upgrade.mikrotik.com
upgrade.mikrotik.com is an alias for global-balancer-e.mikrotik.com.
global-balancer-e.mikrotik.com has address 159.148.147.251
global-balancer-e.mikrotik.com has IPv6 address 2a02:610:7501:3000::251
whois 159.148.147.251
inetnum: 159.148.147.226 - 159.148.147.255
netname: MIKROTIKLSSIA
abuse-c: AR23365-RIPE
descr: MIKROTIKLS SIA
country: LV
Statistics: Posted by pe1chl — Fri Mar 29, 2024 11:03 am
Statistics: Posted by cmmike — Fri Mar 29, 2024 10:53 am
Yeah, that option exists but causes no CC at all (for me, anyway).
That's why I suggested you using subtitles (forgot to mention with the option "Auto-translate")
Statistics: Posted by Buckeye — Fri Mar 29, 2024 10:50 am
# 2024-03-29 11:18:42 by RouterOS 7.14.1
#
# model = RBD52G-5HacD2HnD
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled name=2.4ghz reselect-interval=30m save-selected=yes tx-power=17
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=XXXX name=5ghz reselect-interval=30m save-selected=yes
/interface bridge
add admin-mac=48:8F:5A:4F:18:FB arp=proxy-arp auto-mac=no comment=defconf name=bridge port-cost-mode=short
/interface wireless
# managed by CAPsMAN
# channel: 2447/20-Ce/gn(14dBm), SSID: al, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=israel distance=indoors frequency=auto installation=indoor keepalive-frames=disabled mode=ap-bridge multicast-buffering=disabled multicast-helper=disabled ssid=al-router-2.4G wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
# managed by CAPsMAN
# channel: 5260/20-Ceee/ac/DP(17dBm), SSID: al, CAPsMAN forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=israel distance=indoors frequency=auto installation=indoor keepalive-frames=disabled mode=ap-bridge multicast-buffering=disabled multicast-helper=disabled ssid=al-router-5G wireless-protocol=802.11 wmm-support=enabled
/caps-man datapath
add bridge=bridge name=common
/caps-man rates
add basic=12Mbps name="no b" supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
/caps-man security
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=common
/caps-man configuration
add channel=2.4ghz country=israel datapath=common distance=indoors hw-protection-mode=rts-cts installation=any name=2.4ghz rates="no b" security=common ssid=al
add channel=5ghz country=israel datapath=common distance=indoors hw-protection-mode=rts-cts installation=any name=5ghz rates="no b" security=common ssid=al
add channel=2.4ghz country=israel datapath=common distance=indoors hw-protection-mode=rts-cts installation=indoor name="2.4ghz: slave" rates="no b" security=common ssid=al-2.4
/caps-man interface
add channel.extension-channel=XX .frequency=2412,2437,2462 configuration=2.4ghz disabled=no l2mtu=1600 mac-address=08:55:31:45:83:D8 master-interface=none name=2.4-cap-1 radio-mac=08:55:31:45:83:D8 radio-name=0855314583D8
add configuration="2.4ghz: slave" configuration.installation=any disabled=no l2mtu=1600 mac-address=0A:55:31:45:83:D8 master-interface=2.4-cap-1 name=2.4-cap-1-1 radio-mac=00:00:00:00:00:00 radio-name=0A55314583D8
add channel.extension-channel=Ce .frequency=2422,2447 configuration=2.4ghz disabled=no l2mtu=1600 mac-address=48:8F:5A:4F:18:FF master-interface=none name=2.4-router-1 radio-mac=48:8F:5A:4F:18:FF radio-name=488F5A4F18FF
add configuration="2.4ghz: slave" configuration.installation=any disabled=no l2mtu=1600 mac-address=4A:8F:5A:4F:18:FF master-interface=2.4-router-1 name=2.4-router-1-1 radio-mac=00:00:00:00:00:00 radio-name=4A8F5A4F18FF
add channel.control-channel-width=20mhz .extension-channel=Ceee .frequency=5180 .tx-power=25 configuration=5ghz disabled=no l2mtu=1600 mac-address=08:55:31:45:83:D9 master-interface=none name=5-cap-1 radio-mac=08:55:31:45:83:D9 radio-name=0855314583D9
add channel.extension-channel=Ceee .frequency=5260 configuration=5ghz disabled=no l2mtu=1600 mac-address=48:8F:5A:4F:19:00 master-interface=none name=5-router-1 radio-mac=48:8F:5A:4F:19:00 radio-name=488F5A4F1900
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=5ghz
add name=2.4ghz
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-key-update=1h mode=dynamic-keys supplicant-identity=MikroTik
/ip ipsec peer
add name=l2tpserver passive=yes
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=3des
/ip pool
add name=dhcp ranges=10.0.5.25-10.0.5.254
add name=ovpn ranges=10.0.5.18-10.0.5.24
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-script=":local scriptName \"dhcp2dns\"\n:do {\n :local scriptSrc [ /system script get [ find name=\$scriptName ] source ]\n :local scriptObj [ :parse \$scriptSrc ]\n \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName\_leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script\_error\" };" lease-time=10m name=defconf
/ip smb users
set [ find default=yes ] disabled=yes
/ppp profile
add dns-server=10.0.5.17 interface-list=LAN local-address=10.0.5.17 name=ovpn remote-address=ovpn use-encryption=yes
/queue tree
add comment="Uplink QoS" max-limit=105M name=QoS_ether1 parent=ether1 queue=wireless-default
add comment="Queue Priority 1" name="IP Precedence 7. Network Control (Top Priority) - ether1" packet-mark=ip_precedence_7 parent=QoS_ether1 priority=1 queue=wireless-default
add comment="Queue Priority 2" name="IP Precedence 6. Internetwork Control (High Priority) - ether1" packet-mark=ip_precedence_6 parent=QoS_ether1 priority=2 queue=wireless-default
add comment="Queue Priority 3" name="IP Precedence 5. Voice (Medium-High Priority) - ether1" packet-mark=ip_precedence_5 parent=QoS_ether1 priority=3 queue=wireless-default
add comment="Queue Priority 4" name="IP Precedence 4. Interactive Video (Medium Priority) - ether1" packet-mark=ip_precedence_4 parent=QoS_ether1 priority=4 queue=wireless-default
add comment="Queue Priority 5" name="IP Precedence 3. Critical Data or Call Signaling (Medium-Low Priority) - ether1" packet-mark=ip_precedence_3 parent=QoS_ether1 priority=5 queue=wireless-default
add comment="Queue Priority 6" name="IP Precedence 0. Best Effort (Low Priority) - ether1" packet-mark=no-mark parent=QoS_ether1 priority=6 queue=wireless-default
add comment="Queue Priority 7" name="IP Precedence 2. Background (Very Low Priority) - ether1" packet-mark=ip_precedence_2 parent=QoS_ether1 priority=7 queue=wireless-default
add comment="Queue Priority 8" name="IP Precedence 1. Scavenger (Bottom Priority) - ether1" packet-mark=ip_precedence_1 parent=QoS_ether1 queue=wireless-default
add comment="Downlink QoS" max-limit=990M name=QoS_bridge parent=bridge queue=wireless-default
add comment="Queue Priority 1" name="IP Precedence 7. Network Control (Top Priority) - bridge" packet-mark=ip_precedence_7 parent=QoS_bridge priority=1 queue=wireless-default
add comment="Queue Priority 2" name="IP Precedence 6. Internetwork Control (High Priority) - bridge" packet-mark=ip_precedence_6 parent=QoS_bridge priority=2 queue=wireless-default
add comment="Queue Priority 3" name="IP Precedence 5. Voice (Medium-High Priority) - bridge" packet-mark=ip_precedence_5 parent=QoS_bridge priority=3 queue=wireless-default
add comment="Queue Priority 4" name="IP Precedence 4. Interactive Video (Medium Priority) - bridge" packet-mark=ip_precedence_4 parent=QoS_bridge priority=4 queue=wireless-default
add comment="Queue Priority 5" name="IP Precedence 3. Critical Data or Call Signaling (Medium-Low Priority) - bridge" packet-mark=ip_precedence_3 parent=QoS_bridge priority=5 queue=wireless-default
add comment="Queue Priority 6" name="IP Precedence 0. Best Effort (Low Priority) - bridge" packet-mark=no-mark parent=QoS_bridge priority=6 queue=wireless-default
add comment="Queue Priority 7" name="IP Precedence 2. Background (Very Low Priority) - bridge" packet-mark=ip_precedence_2 parent=QoS_bridge priority=7 queue=wireless-default
add comment="Queue Priority 8" name="IP Precedence 1. Scavenger (Bottom Priority) - bridge" packet-mark=ip_precedence_1 parent=QoS_bridge queue=wireless-default
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/caps-man access-list
add action=accept allow-signal-out-of-range=3s comment="5ghz: nice strong signal" disabled=no interface=5ghz signal-range=-76..120 ssid-regexp="" time=0s-1d,sun,mon,tue,wed,thu,fri,sat
add action=accept allow-signal-out-of-range=10s comment="2.4ghz: client specifically wants 2.4ghz" disabled=no signal-range=-76..120 ssid-regexp=al-2.4 time=0s-1d,sun,mon,tue,wed,thu,fri,sat
add action=accept allow-signal-out-of-range=3s comment="2.4ghz: client is probably too far for 5ghz" disabled=no interface=2.4ghz signal-range=-76..-56 ssid-regexp="" time=0s-1d,sun,mon,tue,wed,thu,fri,sat
add action=accept allow-signal-out-of-range=3s comment="2.4ghz: client should know better" disabled=no interface=2.4ghz signal-range=-76..120 ssid-regexp="" time=0s-1d,sun,mon,tue,wed,thu,fri,sat
add action=reject allow-signal-out-of-range=10s disabled=no signal-range=-120..120 ssid-regexp="" time=0s-1d,sun,mon,tue,wed,thu,fri,sat
/caps-man manager
set ca-certificate=CAPsMAN-CA-488F5A4F18FA certificate=CAPsMAN-488F5A4F18FA enabled=yes require-peer-certificate=yes upgrade-policy=require-same-version
/caps-man manager interface
add disabled=no interface=bridge
/caps-man provisioning
add action=create-enabled hw-supported-modes=g master-configuration=2.4ghz name-format=prefix-identity name-prefix=2.4 slave-configurations="2.4ghz: slave"
add action=create-enabled hw-supported-modes=ac master-configuration=5ghz name-format=prefix-identity name-prefix=5
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10
add
bridge=bridge comment=defconf ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf ingress-filtering=no interface=ether5 internal-path-cost=10 path-cost=10/ip firewall connection trackingset udp-timeout=10s/ip neighbor discovery-settingsset discover-interface-list=none/ip settingsset max-neighbor-entries=8192/ipv6 settingsset disable-ipv6=yes max-neighbor-entries=8192/interface l2tp-server serverset authentication=mschap1,mschap2 default-profile=default use-ipsec=required/interface list memberadd comment=defconf interface=bridge list=LANadd comment=defconf interface=ether1 list=WANadd interface=2.4-cap-1 list=2.4ghzadd interface=5-cap-1 list=5ghzadd interface=2.4-router-1 list=2.4ghzadd interface=5-router-1 list=5ghz/interface ovpn-server serverset auth=sha1 certificate=server cipher=blowfish128,aes128-cbc,aes192-cbc,aes256-cbc default-profile=ovpn enabled=yes port=443/interface wireless cap# set bridge=bridge caps-man-addresses=127.0.0.1 certificate=CAPsMAN-488F5A4F18FA discovery-interfaces=bridge enabled=yes interfaces=wlan2,wlan1 lock-to-caps-man=yes/ip addressadd address=10.0.5.1/24 comment=defconf interface=ether2 network=10.0.5.0/ip dhcp-clientadd comment=defconf interface=ether1/ip dhcp-server networkadd address=10.0.5.0/24 comment=defconf domain=lan gateway=10.0.5.1 netmask=24/ip dnsset allow-remote-requests=yes/ip dns staticadd address=10.0.5.1 comment=defconf name=router.lanadd address=10.0.5.4 name=printer.lanadd address=10.0.5.3 name=sip.lanadd address=10.0.5.5 name=nas.lanadd address=10.0.5.46 comment=defconf-08:55:31:45:83:D6 name=cap.lan ttl=10m/ip firewall address-listadd address=10.0.5.4 list=lan-only/ip firewall filteradd action=accept chain=input comment="Allow OpenVPN" dst-port=443 protocol=tcpadd action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" 
connection-state=invalidadd action=accept chain=input comment="defconf: accept ICMP" disabled=yes protocol=icmpadd action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LANadd action=drop chain=forward comment="block untrusted local clients from accessing WAN" out-interface-list=WAN src-address-list=lan-onlyadd action=drop chain=forward comment="block the printer by MAC too, just in case" out-interface-list=WAN src-mac-address=30:CD:A7:1E:63:02add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsecadd action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsecadd action=accept chain=forward comment="bypass fasttrack for non-zero DSCP" connection-state=established,related dscp=!0add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yesadd action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" connection-state=invalidadd action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN/ip firewall mangleadd action=set-priority chain=postrouting comment="respect DSCP tagging" new-priority=from-dscp-high-3-bits passthrough=yesadd action=set-priority chain=postrouting comment="prioritize ACKs" new-priority=6 packet-size=0-123 passthrough=yes protocol=tcp tcp-flags=ackadd action=accept chain=postrouting comment="precedence 0 - best effort (low priority) (default)" priority=0add action=mark-packet chain=postrouting comment="IP Precedence (aka Packet Priority) 6 - Internetwork Control (High Priority) (apply packet mark ip_precedence_6)" new-packet-mark=ip_precedence_6 
passthrough=no priority=6add action=mark-packet chain=postrouting comment="IP Precedence (aka Packet Priority) 1 - Scavenger (Bottom Priority) (apply packet mark ip_precedence_1)" new-packet-mark=ip_precedence_1 passthrough=no priority=1add action=mark-packet chain=postrouting comment="IP Precedence (aka Packet Priority) 2 - Background (Very Low Priority) (apply packet mark ip_precedence_2)" new-packet-mark=ip_precedence_2 passthrough=no priority=2add action=mark-packet chain=postrouting comment="IP Precedence (aka Packet Priority) 3 - Critical Data or Call Signaling (Medium-Low Priority) (apply packet mark ip_precedence_3)" new-packet-mark=ip_precedence_3 passthrough=no priority=3add action=mark-packet chain=postrouting comment="IP Precedence (aka Packet Priority) 4 - Interactive Video (Medium Priority) (apply packet mark ip_precedence_4)" new-packet-mark=ip_precedence_4 passthrough=no priority=4add action=mark-packet chain=postrouting comment="IP Precedence (aka Packet Priority) 5 - Voice (Medium-High Priority) (apply packet mark ip_precedence_5)" new-packet-mark=ip_precedence_5 passthrough=no priority=5add action=mark-packet chain=postrouting comment="IP Precedence (aka Packet Priority) 7 - Network Control (Top Priority) (apply packet mark ip_precedence_7)" new-packet-mark=ip_precedence_7 passthrough=no priority=7/ip firewall natadd action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN/ip firewall service-portset sip ports=5060,5061,5065/ip ipsec identityadd generate-policy=port-override peer=l2tpserver/ip ipsec policyset 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0/ip serviceset telnet disabled=yesset ftp disabled=yesset www disabled=yesset www-ssl certificate=webfig disabled=no port=444set api disabled=yesset api-ssl disabled=yes/ip smb sharesset [ find default=yes ] directory=/flash/pub/ip sshset strong-crypto=yes/ip traffic-flowset enabled=yes/ip traffic-flow targetadd dst-address=0.0.0.0 port=1234 
version=5/ip upnpset enabled=yes/ip upnp interfacesadd interface=bridge type=internaladd interface=ether1 type=external/ppp secretadd name=admin profile=ovpnadd name=admin profile=*2 remote-address=10.0.9.1 service=l2tp/routing bfd configurationadd disabled=no/system clockset time-zone-name=Asia/Jerusalem/system identityset name=router/system noteset show-at-login=no/system ntp clientset enabled=yes/system ntp client serversadd address=pool.ntp.org/system scriptadd comment="reflect dhcp leases in dns" dont-require-permissions=no name=dhcp2dns owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="###\ \n# Script entry point\ \n#\ \n# Expected environment variables:\ \n# leaseBound 1 = lease bound, 0 = lease removed\ \n# leaseServerName Name of DHCP server\ \n# leaseActIP IP address of DHCP client\ \n# leaseActMAC MAC address of DHCP client\ \n###\ \n\ \n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\ \n\ \n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for missing host names\ \n:local ip2Host do={\ \n :local outStr\ \n :for i from=0 to=([:len \$inStr] - 1) do={\ \n :local tmp [:pick \$inStr \$i];\ \n :if (\$tmp =\".\") do={\ \n :set tmp \"-\"\ \n }\ \n :set outStr (\$outStr . \$tmp)\ \n }\ \n :return \$outStr\ \n}\ \n\ \n:local mapHostName do={\ \n# param: name\ \n# max length = 63\ \n# allowed chars a-z,0-9,-\ \n :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\ \n :local numChars [:len \$name];\ \n :if (\$numChars > 63) do={:set numChars 63};\ \n :local result \"\";\ \n\ \n :for i from=0 to=(\$numChars - 1) do={\ \n :local char [:pick \$name \$i];\ \n :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\ \n :set result (\$result . 
\$char);\ \n }\ \n :return \$result;\ \n}\ \n\ \n:local lowerCase do={\ \n# param: entry\ \n :local lower \"abcdefghijklmnopqrstuvwxyz\";\ \n :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\ \n :local result \"\";\ \n :for i from=0 to=([:len \$entry] - 1) do={\ \n :local char [:pick \$entry \$i];\ \n :local pos [:find \$upper \$char];\ \n :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\ \n :set result (\$result . \$char);\ \n }\ \n :return \$result;\ \n}\ \n\ \n:local token \"\$leaseServerName-\$leaseActMAC\";\ \n\ \n:if ( [ :len \$leaseActIP ] <= 0 ) do={\ \n :log error \"\$LogPrefix: empty lease address\"\ \n :error \"empty lease address\"\ \n}\ \n\ \n:if ( \$leaseBound = 1 ) do={\ \n\ \n# new DHCP lease added\ \n# :log info \"\$LogPrefix: new lease for \$token\"\ \n /ip dhcp-server\ \n :local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\ \n network\ \n :local domain [ get [ find \$leaseActIP in address ] domain ]\ \n :if ( [ :len \$domain ] <= 0 ) do={ :set domain \"lan\" }\ \n# :log info \"\$LogPrefix: DNS domain is \$domain\"\ \n\ \n :local hostname \"\"\ \n :do {\ \n :set hostname [/ip dhcp-server lease get value-name=host-name [find mac-address=\$leaseActMAC and server=\$leaseServerName]]\ \n } on-error={ :log warning \"\$LogPrefix: failed to retrieve hostname for \$token\" }\ \n# :log info \"\$LogPrefix: DHCP hostname is \$hostname\"\ \n\ \n#Hostname cleanup\ \n :if ( [ :len \$hostname ] <= 0 ) do={\ \n :set hostname [ \$ip2Host inStr=\$leaseActIP ]\ \n :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using generated host name '\$hostname'\"\ \n }\ \n :set hostname [\$lowerCase entry=\$hostname]\ \n :set hostname [\$mapHostName name=\$hostname]\ \n# :log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\ \n\ \n :if ( [ :len \$domain ] <= 0 ) do={\ \n :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', cannot create static DNS name\"\ \n :error \"Empty domainname for '\$leaseActIP'\"\ \n }\ \n\ \n :local 
fqdn (\$hostname . \".\" . \$domain)\ \n# :log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\ \n\ \n :if ([/ip dhcp-server lease get [find mac-address=\$leaseActMAC and server=\$leaseServerName]]) do={\ \n :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\ \n :do {\ \n :local old [/ip dns static find name=\$fqdn comment~\"^\$leaseServerName-\"]\ \n :if ( \$old != \"\" ) do {\ \n :log info \"\$logPrefix: removing existing record \$old\"\ \n /ip dns static remove \$old\ \n :log info \"\$logPrefix: done\"\ \n }\ \n /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl comment=\$token;\ \n } on-error={:log error message=\"\$LogPrefix: Failure during dns registration of \$fqdn with \$leaseActIP\"}\ \n }\ \n\ \n} else={\ \n\ \n# DHCP lease removed\ \n :local record [/ip dns static find comment=\$token]\ \n :if ( \$record != \"\" ) do={\ \n :log info \"\$logPrefix: removing \$record\"\ \n /ip dns static remove \$record\ \n :log info \"\$logPrefix: done\"\ \n }\ \n}\ \n"/tool bandwidth-serverset enabled=no/tool graphing interfaceadd interface=ether1add allow-address=10.0.5.110/32 interface=bridge/tool graphing queueadd/tool graphing resourceadd/tool mac-serverset allowed-interface-list=none/tool mac-server mac-winboxset allowed-interface-list=none/tool mac-server pingset enabled=no
Statistics: Posted by cmmike — Fri Mar 29, 2024 10:48 am
Statistics: Posted by redjahred — Fri Mar 29, 2024 10:45 am
Statistics: Posted by patrikg — Fri Mar 29, 2024 10:38 am
Statistics: Posted by mgx — Fri Mar 29, 2024 10:37 am
Easy, just apply the default "WAN" config only after you set your initial password. Problem solved.
This is not sufficient for devices that work by default without you ever having to log in.
50k Cisco devices do absolutely nothing when you power them up the first time; you need to do a lot of configuration.
But a MikroTik router connected to a line with DHCP will often work with the default config, and the user never has to log in.
Statistics: Posted by pe1chl — Fri Mar 29, 2024 10:27 am
Statistics: Posted by Buckeye — Fri Mar 29, 2024 10:26 am