v6.18 I’m filling some big shoes, not by preference.
BGP is advertising route 0.0.0.0/0 via IGP. I have read over filters and just don’t seem to really grab the concept. Is there a way to filter routes that are native only to this mikrotik?
[Name] > export com
# feb/14/2015 00:41:28 by RouterOS 6.10
# software id = XIR2-KWQ8
#
/interface bridge
add name=lo_nshs_h_vrf
add name=lobridge
add name=lovpls
add name=lovpnv4
add l2mtu=1530 name=nshs_vpls_core
/interface ethernet
set [ find default-name=ether1 ] name=e1-Radio-GW
set [ find default-name=ether3 ] name=e3-VRF-Master
set [ find default-name=ether4 ] name=e4-VPLS
set [ find default-name=ether5 ] name=e5-Client
set [ find default-name=ether6 ] auto-negotiation=no name=e6-Fiber
set [ find default-name=ether7 ] name=e7
set [ find default-name=ether8 ] name=e8-MGMT
/interface vlan
add interface=e3-VRF-Master l2mtu=1584 name=nshs_vrf53 vlan-id=53
/interface ethernet
set [ find default-name=ether2 ] master-port=e3-VRF-Master name=e2-VRF-B
/ip dhcp-server option
add code=66 name=66 value="'ftp://PlcmSpIp:Some_Sting@xxx.xxx.xxx.xxx'"
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/ip pool
add name=nshs_vrf53 ranges=10.53.1.2-10.53.1.254
/ip dhcp-server
add address-pool=nshs_vrf53 disabled=no interface=nshs_vrf53 name=nshs_vrf53
/port
set 0 name=serial0
set 1 name=serial1
/queue type
add kind=pcq name=pcq_master_tx_rx
/routing bgp instance
set default as=***** client-to-client-reflection=no redistribute-connected=yes router-id=10.254.2.53
add as=***** client-to-client-reflection=no name=vpls router-id=10.254.3.53
add as=***** client-to-client-reflection=no name=vpnv4 router-id=10.254.5.53
/routing ospf instance
set [ find default=yes ] router-id=10.254.2.53
/snmp community
add addresses=0.0.0.0/0 name=******
/interface bridge port
add bridge=nshs_vpls_core interface=e4-VPLS
/interface vpls bgp-vpls
add bridge=nshs_vpls_core bridge-horizon=1 export-route-targets=53:1 import-route-targets=53:1 name=NSHS_H_vpls pw-mtu=1530 route-distinguisher=10.254.3.53:53 site-id=53
/ip address
add address=10.254.2.53/32 interface=lobridge network=10.254.2.53
add address=10.2.0.27/29 interface=e1-Radio-GW network=10.2.0.24
add address=10.254.3.53/32 interface=lovpls network=10.254.3.53
add address=10.254.5.53/32 interface=lovpnv4 network=10.254.5.53
add address=192.168.88.1/24 interface=e8-MGMT network=192.168.88.0
add address=10.53.1.1/24 interface=nshs_vrf53 network=10.53.1.0
add address=xxx.xxx.xxx.xxx/30 interface=lo_nshs_h_vrf network=xxx.xxx.xxx.xxx
add address=xxx.xxx.xxx.xxx/29 interface=e5-Client network=xxx.xxx.xxx.xxx
add address=10.0.255.2/24 interface=e6-Fiber network=10.0.255.0
/ip dhcp-server network
add address=10.53.1.0/24 dhcp-option=66 dns-server=8.8.8.8,8.8.4.4 gateway=10.53.1.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
add address=xxx.xxx.xxx.xxx/30 list=voip
add address=xxx.xxx.xxx.xxx/29 list=NET
add address=xxx.xxx.xxx.xxx list=voip
/ip firewall filter
add action=drop chain=input comment="drop non essential NLAN fiber connections." src-address=10.0.255.3
add action=drop chain=input src-address=10.0.255.4
add action=drop chain=input src-address=10.0.255.5
add action=drop chain=input src-address=10.0.255.6
add action=drop chain=input dst-address=xxx.xxx.xxx.xxx dst-port=23 protocol=tcp
add action=drop chain=input dst-address=xxx.xxx.xxx.xxx dst-port=21 protocol=tcp
add action=drop chain=input dst-address=xxx.xxx.xxx.xxx dst-port=8291 protocol=tcp
add action=drop chain=input dst-address=xxx.xxx.xxx.xxx dst-port=22 protocol=tcp
add action=drop chain=input dst-address=xxx.xxx.xxx.xxx dst-port=23 protocol=tcp
add action=drop chain=input dst-address=xxx.xxx.xxx.xxx dst-port=21 protocol=tcp
add action=drop chain=input dst-address=xxx.xxx.xxx.xxx dst-port=8291 protocol=tcp
add action=drop chain=input src-address=xxx.xxx.xxx.xxx/28
/ip firewall mangle
add action=mark-routing chain=prerouting comment=VRF53 dst-address=xxx.xxx.xxx.xxx new-routing-mark=vrf53
add action=mark-connection chain=prerouting comment=VOIP disabled=yes new-connection-mark=voip src-address-list=voip
add action=mark-packet chain=prerouting connection-mark=voip disabled=yes new-packet-mark=voip
add action=mark-connection chain=prerouting disabled=yes dst-address-list=voip new-connection-mark=voip
add action=mark-packet chain=prerouting connection-mark=voip disabled=yes new-packet-mark=voip
add action=mark-connection chain=prerouting comment=Traffic disabled=yes new-connection-mark=traffic_up src-address-list=NET
add action=mark-packet chain=prerouting connection-mark=traffic_up disabled=yes new-packet-mark=traffic_up
add action=mark-connection chain=prerouting disabled=yes dst-address-list=NET new-connection-mark=traffic_down
add action=mark-packet chain=prerouting connection-mark=traffic_down disabled=yes new-packet-mark=traffic_down
/ip firewall nat
add action=src-nat chain=srcnat routing-mark=vrf53 to-addresses=xxx.xxx.xxx.xxx
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.xxx routing-mark=vrf53 to-addresses=10.53.1.2-10.53.1.254
/ip firewall service-port
set sip disabled=yes
/ip route
add distance=1 gateway=10.2.0.25@main routing-mark=vrf53
/ip route vrf
add export-route-targets=53:1 import-route-targets=53:1 interfaces=nshs_vrf53 route-distinguisher=10.254.5.53:53 routing-mark=vrf53
/ip upnp
set allow-disable-external-interface=no
/lcd interface
set sfp-sfpplus1 interface=sfp-sfpplus1
set sfp1 interface=sfp1
set e1-Radio-GW interface=e1-Radio-GW
set e2-VRF-B interface=e2-VRF-B
set e3-VRF-Master interface=e3-VRF-Master
set e4-VPLS interface=e4-VPLS
set e5-Client interface=e5-Client
set e6-Fiber interface=e6-Fiber
set e7 interface=e7
set e8-MGMT interface=e8-MGMT
/mpls interface
set [ find default=yes ] mpls-mtu=1530
add interface=e1-Radio-GW mpls-mtu=1530
add interface=e6-Fiber mpls-mtu=1530
/mpls ldp
set enabled=yes loop-detect=yes lsr-id=10.254.2.53 transport-address=10.254.2.53
/mpls ldp interface
add interface=e1-Radio-GW
add interface=e6-Fiber
/routing bgp instance vrf
add instance=vpnv4 redistribute-connected=yes routing-mark=vrf53
/routing bgp peer
add name=STI_POP_ip remote-address=10.254.0.10 remote-as=***** route-reflect=yes tcp-md5-key=****** update-source=lobridge
add name=WHI_POP_ip remote-address=10.254.0.11 remote-as=***** route-reflect=yes tcp-md5-key=****** update-source=lobridge
add address-families=ip,l2vpn instance=vpls name=STI_POP_vpls remote-address=10.254.1.10 remote-as=***** route-reflect=yes tcp-md5-key=****** update-source=lovpls
add address-families=ip,l2vpn instance=vpls name=WHI_POP_vpls remote-address=10.254.1.11 remote-as=***** route-reflect=yes tcp-md5-key=****** update-source=lovpls
add address-families=ip,vpnv4 instance=vpnv4 name=STI_POP_vpnv4 remote-address=10.254.4.10 remote-as=***** route-reflect=yes tcp-md5-key=****** update-source=lovpnv4
add address-families=ip,vpnv4 default-originate=always instance=vpnv4 name=WHI_POP_vpnv4 remote-address=10.254.4.11 remote-as=***** route-reflect=yes tcp-md5-key=****** update-source=lovpnv4
/routing ospf interface
add authentication=md5 authentication-key=****** authentication-key-id=9 interface=e1-Radio-GW network-type=point-to-point
add authentication=md5 authentication-key=****** authentication-key-id=9 interface=e6-Fiber network-type=ptmp priority=0
/routing ospf network
add area=backbone network=10.0.255.0/24
add area=backbone network=10.2.0.24/29
add area=backbone network=10.254.2.53/32
add area=backbone network=10.254.3.53/32
add area=backbone network=10.254.5.53/32
/snmp
set contact=name@name.com enabled=yes location="SNHS" trap-community=****** trap-target=10.253.0.1 trap-version=2
/system identity
set name=Name
/system ntp client
set enabled=yes mode=unicast primary-ntp=10.253.0.1
/system routerboard settings
set cpu-frequency=1200MHz memory-frequency=1066DDR
/tool sniffer
set streaming-enabled=yes streaming-server=10.253.0.8
