Capmsan with multiple bridges

UmairHamidani · August 23, 2020, 8:09am

Hello,

I am new to MikroTik and I am configuring MikroTik capsman but I have 2 bridges and I have to configure it with 2 bridges (datapaths), but I am not able to find a way to configure it.

need help in this regard.

erlinden · August 23, 2020, 8:16am

Why two bridges? Have you considered VLAN’s?

UmairHamidani · August 23, 2020, 8:21am

I have joined the company and it has 2 bridges 1 for the servers and 1 for the local LAN, I don’t want to do anything that can stop/delay their productivity.

erlinden · August 23, 2020, 8:35am

Why do you need two bridges on CAPsMAN? Why is the LAN bridge not sufficient?

Can you please share the config: /export hide-sensitive file=router ?

UmairHamidani · August 23, 2020, 8:38am

aug/23/2020 11:37:51 by RouterOS 6.45.9

software id = EE20-MFII

model = CCR1036-12G-4S

serial number = 851A0899D808

/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2412 name=channel1
/interface bridge
add admin-mac=CC:2D:E0:1E:29:7A auto-mac=no name="Bridge of SAP"
add admin-mac=CC:2D:E0:1E:29:74 auto-mac=no name=Bridge-local priority=0x7000
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] name="ether2 // IT-AP" speed=100Mbps
set [ find default-name=ether3 ] comment="|| SAP-PRD SERVER || 192.168.20.2"
name="ether3 // SAP-PRD" speed=100Mbps
set [ find default-name=ether4 ] comment="|| SAP-BKP SERVER || 192.168.20.4"
name="ether4 // SAP-BKP" speed=100Mbps
set [ find default-name=ether5 ] comment="ADMIN FIRST AP" speed=100Mbps
set [ find default-name=ether6 ] advertise=100M-full,1000M-full comment=
"ADMIN GRND AP" name="ether6 // Admin 1st"
set [ find default-name=ether7 ] name="ether7 // SAP-PRD Internet" speed=
100Mbps
set [ find default-name=ether8 ] name="ether8 // // HYPER-V Port # 1" speed=
100Mbps
set [ find default-name=ether10 ] name="ether10 // IMC" speed=100Mbps
set [ find default-name=ether11 ] comment=
":: HO User from tunnel 18-223-32 ::" name="ether11 // INTRANET LOCAL"
speed=100Mbps
set [ find default-name=ether12 ] comment=
"::: || Internet Incoming Traffic ::::" name="ether12 // Internet" speed=
100Mbps
set [ find default-name=sfp1 ] advertise=10M-full,100M-full,1000M-full
full-duplex=no
set [ find default-name=sfp2 ] advertise=10M-full,100M-full,1000M-full
set [ find default-name=sfp3 ] advertise=10M-full,100M-full,1000M-full
set [ find default-name=sfp4 ] advertise=10M-full,100M-full,1000M-full
/interface vrrp
add interface=Bridge-local name=vrrp1 priority=254 vrid=49
add disabled=yes interface="Bridge of SAP" name=vrrp2-sap priority=254 vrid=
40
/caps-man datapath
add bridge=Bridge-local name=datapath1
add bridge="Bridge of SAP" name=datapath2
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm
group-encryption=aes-ccm name=Earthlink
/caps-man configuration
add channel=channel1 datapath=datapath1 mode=ap name=Earthlink security=
Earthlink ssid=Earthlink
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server
add add-arp=yes bootp-support=dynamic disabled=no interface=vrrp1 lease-time=
2h name=dhcp1
/ip firewall layer7-protocol
add name=YT regexp="^.+(youtube.com).$"
add name=FB regexp="^.+(facebook.com|apps.facebook.com|\r
\nwww.connect.facebook.net|m.facebok.com|staticak.connect.facebook.com|log
in.facebook.com|fbcdn.net ).$"
/ip pool
add name=dhcp_pool0 ranges=192.168.16.200-192.168.16.252
add name=VPN_POOL ranges=10.0.0.1-10.0.0.100
add name=vpn ranges=192.168.89.2-192.168.89.255
/ppp profile
add local-address=192.168.16.254 name=vpn_profile remote-address=VPN_POOL
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/queue simple
add dst="ether12 // Internet" max-limit=50M/10M name="All Bandwith" priority=
1/1 target=192.168.16.0/24
add comment=ADMIN dst="ether12 // Internet" max-limit=2M/256k name=
"Elaf Cell" parent="All Bandwith" target=192.168.16.111/32
add comment=IT dst="ether12 // Internet" max-limit=10M/5M name=
"Umair Cell New" parent="All Bandwith" target=192.168.16.106/32
add comment=WB1 dst="ether12 // Internet" max-limit=1M/256k name="WB1 Mobile"
parent="All Bandwith" target=192.168.16.152/32
add max-limit=5M/5M name="Umair Laptop Lan" parent="All Bandwith" target=
192.168.16.98/32
add dst="ether12 // Internet" max-limit=10M/1M name="Shahid Tabbasum Cell"
parent="All Bandwith" target=192.168.16.211/32
add dst="ether12 // Internet" max-limit=5M/1M name="Kashif Majeed" parent=
"All Bandwith" target=192.168.16.221/32
add dst="ether12 // Internet" max-limit=5M/2M name="Kashif Majeed Cell1"
parent="All Bandwith" target=192.168.16.236/32
add dst="ether12 // Internet" max-limit=5M/1M name="Shahid Tabbasum Laptop"
parent="All Bandwith" target=192.168.16.225/32
add dst="ether12 // Internet" max-limit=4M/1M name=Fin-Kashif-Majeed-Laptop
parent="All Bandwith" target=192.168.16.222/32
add comment=ADMIN dst="ether12 // Internet" max-limit=5M/1M name=
"Amir Beterny Laptop" parent="All Bandwith" target=192.168.16.116/32
time=8h-4h,sun,mon,tue,wed,thu,fri,sat
add comment=ADMIN dst="ether12 // Internet" max-limit=2M/1M name=
"Aziz Iraqi Cell" parent="All Bandwith" target=192.168.16.130/32
add comment=ADMIN dst="ether12 // Internet" max-limit=2M/1M name="Raad Cell"
parent="All Bandwith" target=192.168.16.119/32
add comment=ADMIN dst="ether12 // Internet" max-limit=5M/1M name=
"Amir Beterny Cell" parent="All Bandwith" target=192.168.16.112/32
add comment=ADMIN dst="ether12 // Internet" max-limit=5M/1M name="Raad PC"
parent="All Bandwith" target=192.168.16.118/32
add comment=ADMIN dst="ether12 // Internet" max-limit=5M/1M name="Elaf PC"
parent="All Bandwith" target=192.168.16.123/32
add comment=ADMIN dst="ether12 // Internet" max-limit=5M/1M name="Muna PC"
parent="All Bandwith" target=192.168.16.122/32
add comment=ADMIN dst="ether12 // Internet" max-limit=5M/1M name="Marwa PC"
parent="All Bandwith" target=192.168.16.120/32
add comment=ADMIN dst="ether12 // Internet" max-limit=2M/384k name=
"Hala Cell" parent="All Bandwith" target=192.168.16.127/32
add comment=ADMIN dst="ether12 // Internet" max-limit=5M/1M name="Hala PC"
parent="All Bandwith" target=192.168.16.121/32
add comment=ADMIN dst="ether12 // Internet" max-limit=384k/32k name=
"Murtaza Cell" parent="All Bandwith" target=192.168.16.124/32
add comment=ADMIN dst="ether12 // Internet" max-limit=2M/384k name=
"Marwa Cell" parent="All Bandwith" target=192.168.16.128/32
add comment=ADMIN dst="ether12 // Internet" max-limit=2M/384k name=
"Muna Cell" parent="All Bandwith" target=192.168.16.115/32
add comment=ADMIN dst="ether12 // Internet" max-limit=1M/384k name=
"Ahmed Dawood Cell" parent="All Bandwith" target=192.168.16.117/32
add comment=ADMIN dst="ether12 // Internet" max-limit=1M/384k name=
"Ahmed Dawood Cell1" parent="All Bandwith" target=192.168.16.126/32
add comment=ADMIN dst="ether12 // Internet" max-limit=2M/384k name=
"Food Store Incharge" parent="All Bandwith" target=192.168.16.113/32
add comment=CCR dst="ether12 // Internet" max-limit=10M/768k name=
DSC-ROUTER-436 parent="All Bandwith" target=192.168.16.132/32
add comment=CCR dst="ether12 // Internet" max-limit=10M/768k name=DCS-ROUTER
parent="All Bandwith" target=192.168.16.183/32
add comment=CCR dst="ether12 // Internet" max-limit=768k/384k name=
Muqeem-Cell parent="All Bandwith" target=192.168.16.182/32
add comment=IT dst="ether12 // Internet" max-limit=5M/5M name=Backupserver
parent="All Bandwith" target=192.168.16.64/32
add comment=IT dst="ether12 // Internet" max-limit=50M/5M name="Umair Laptop"
parent="All Bandwith" priority=1/1 target=192.168.16.99/32
add comment=IT dst="ether12 // Internet" max-limit=5M/512k name="Remote PC"
parent="All Bandwith" priority=8/1 target=192.168.16.109/32
add comment=IT dst="ether12 // Internet" max-limit=10M/256k name=WSUS parent=
"All Bandwith" target=192.168.16.105/32
add comment=IT dst="ether12 // Internet" max-limit=5M/1M name="File Server"
parent="All Bandwith" target=192.168.16.61/32
add comment=IT dst="ether12 // Internet" max-limit=5M/5M name=SAP-PRD parent=
"All Bandwith" target=192.168.16.110/32
add comment=IT dst="ether12 // Internet" max-limit=10M/5M name=
"GM Laptop LAN" parent="All Bandwith" target=192.168.16.104/32
add comment=IT dst="ether12 // Internet" max-limit=10M/5M name="GM Cell"
parent="All Bandwith" target=192.168.16.101/32
/queue type
add kind=pcq name=PCQ pcq-classifier=dst-address pcq-dst-address6-mask=64
pcq-src-address6-mask=64
/queue tree
add max-limit=1M name="PG || :: || INTERNET" packet-mark=
"PG Download Special Limit" parent=global priority=7 queue=PCQ
add max-limit=1M name="ADMIN || :: || INTERNET" packet-mark=
"ADMIN Download Special Limit" parent=global priority=7 queue=PCQ
add max-limit=1M name="CCR || :: || INTERNET" packet-mark=
"CCR Download Special Limit" parent=global priority=1 queue=PCQ
add max-limit=512k name="WB1|| :: || INTERNET" packet-mark=
"WB1 Download Special Limit" parent=global queue=PCQ
add max-limit=512k name="STORE || :: || INTERNET" packet-mark=
"STORE Download Special Limit" parent=global priority=7 queue=PCQ
add max-limit=2M name="GUEST || :: || INTERNET" packet-mark=
"GUEST Download Special Limit" parent=global queue=PCQ
add max-limit=5M name="OTHER || :: || INTERNET" packet-mark=
"OTHER Download Special Limit" parent=global priority=1 queue=PCQ
add max-limit=786k name="DCS || :: || INTERNET" packet-mark=
"DCS Download Special Limit" parent=global priority=7 queue=PCQ
/snmp community
set [ find default=yes ] addresses=192.168.16.105/32,192.168.16.65/32 name=
almabrooka
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=Earthlink name-format=
prefix
/interface bridge port
add bridge=Bridge-local hw=no interface=sfp1 priority=0x70
add bridge=Bridge-local hw=no interface=sfp2 priority=0x70
add bridge=Bridge-local hw=no interface="ether2 // IT-AP"
add bridge="Bridge of SAP" interface="ether3 // SAP-PRD"
add bridge="Bridge of SAP" interface="ether4 // SAP-BKP"
add bridge=Bridge-local interface="ether10 // IMC"
add bridge=Bridge-local interface=ether9
add bridge=Bridge-local interface=ether5
add bridge=Bridge-local interface="ether6 // Admin 1st"
add bridge=Bridge-local interface="ether8 // // HYPER-V Port # 1"
add bridge=Bridge-local interface="ether7 // SAP-PRD Internet"
add bridge=Bridge-local interface=ether1
/interface l2tp-server server
set allow-fast-path=yes use-ipsec=yes
/interface list member
add interface=ether1 list=WAN
add interface="ether2 // IT-AP" list=LAN
add interface="ether3 // SAP-PRD" list=LAN
add interface="ether4 // SAP-BKP" list=LAN
add interface=ether5 list=LAN
add interface="ether6 // Admin 1st" list=LAN
add interface="ether7 // SAP-PRD Internet" list=LAN
add interface="ether8 // // HYPER-V Port # 1" list=LAN
add interface=ether9 list=LAN
add interface="ether10 // IMC" list=LAN
add interface="ether11 // INTRANET LOCAL" list=LAN
add interface="ether12 // Internet" list=LAN
add interface=sfp1 list=LAN
add interface=sfp2 list=LAN
add interface=sfp3 list=LAN
add interface=sfp4 list=LAN
/interface pppoe-server server
add disabled=no interface= service-name=service1
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=192.168.16.1/24 comment="DHCP TO Clients" interface=Bridge-local
network=192.168.16.0
add address=192.168.16.254/24 comment="|| VRRP&DHCP FOR Clients ||"
interface=vrrp1 network=192.168.16.0
add address=192.168.20.1/29 comment="|| TO SAP Server ||" interface=
"Bridge of SAP" network=192.168.20.0
add address=37.238.135.234/29 comment="|| Public IP of Earthlink ||"
interface="ether12 // Internet" network=37.238.135.232
add address=10.20.20.1/30 comment="|| Bridge of SAP Server ||" interface=
"Bridge of SAP" network=10.20.20.0
add address=10.10.10.1/30 comment="|| Bridge of Local ||" interface=
Bridge-local network=10.10.10.0
add address=172.21.59.133/27 comment="|| Like the subnet of EOIP ||"
disabled=yes interface="ether12 // Internet" network=172.21.59.128
add address=10.4.40.2/24 comment=
"||:: LOCAL CONNECTIVITY TO SAP SERVER MAIN IP ::||" interface=
"ether2 // IT-AP" network=10.4.40.0
/ip arp
add address=192.168.16.132 interface=Bridge-local mac-address=
02:03:10:0E:0E:D6
add address=192.168.16.193 interface=vrrp1 mac-address=90:F6:52:80:48:9E
add address=192.168.16.132 interface=vrrp1 mac-address=02:03:10:0E:0E:D6
/ip cloud
set ddns-enabled=yes
/ip dhcp-server lease
add address=192.168.16.161 client-id=1:b8:76:3f:13:b8:cf comment=
PG-G.SHABBIR-LAPTOP-WIFI mac-address=B8:76:3F:13:B8:CF server=dhcp1
use-src-mac=yes
add address=192.168.16.163 client-id=1:b4:b5:2f:cd:75:dd comment=
PG-OPERATIONS mac-address=B4:B5:2F:CD:75:DD server=dhcp1 use-src-mac=yes
add address=192.168.16.165 client-id=1:ec:a8:6b:60:a1:59 comment=
"PG-AASHIQ ALI" mac-address=EC:A8:6B:60:A1:59 server=dhcp1 use-src-mac=
yes
add address=192.168.16.134 client-id=1:ec:a8:6b:60:97:dc comment=CCR-IMRAN-PC
mac-address=EC:A8:6B:60:97:DC server=dhcp1 use-src-mac=yes
add address=192.168.16.171 client-id=1:ec:1f:72:87:c2:8f comment=
"PG-MUJEEB CELL" mac-address=EC:1F:72:87:C2:8F server=dhcp1 use-src-mac=
yes
add address=192.168.16.156 client-id=1:58:8a:5a:35:c1:b1 comment=
STORE-ADNAN-LAPTOP-LAN mac-address=58:8A:5A:35:C1:B1 server=dhcp1
use-src-mac=yes
add address=192.168.16.172 comment="PG- ASHIQ ALI CELL" mac-address=
DC:D9:16:C1:5D:C2 server=dhcp1 use-src-mac=yes
add address=192.168.16.157 client-id=1:d4:3d:7e:21:58:dd comment=
STORE-EJAZ-PC mac-address=D4:3D:7E:21:58:DD server=dhcp1 use-src-mac=yes
add address=192.168.16.167 client-id=1:ec:a8:6b:60:66:3b comment=PG-NASIR-PC
mac-address=EC:A8:6B:60:66:3B server=dhcp1 use-src-mac=yes
add address=192.168.16.170 client-id=1:fc:42:3:d1:db:ce comment=
PG-G.SHABBIR-CELL mac-address=FC:42:03:D1:DB:CE server=dhcp1 use-src-mac=
yes
add address=192.168.16.127 client-id=1:74:c1:4f:21:be:78 comment=
ADMIN-HALA-CELL mac-address=74:C1:4F:21:BE:78 server=dhcp1 use-src-mac=
yes
add address=192.168.16.100 client-id=1:8:d4:c:64:9c:f9 comment=
"IT-GMUSTAFA LAPTOP-WIFI" mac-address=08:D4:0C:64:9C:F9 server=dhcp1
use-src-mac=yes
add address=192.168.16.116 client-id=1:0:24:d7:3c:c5:dc comment=
"ADMIN-AMIR BETERNY LAPTOP" mac-address=00:24:D7:3C:C5:DC server=dhcp1
use-src-mac=yes
add address=192.168.16.158 client-id=1:a0:8c:fd:e2:df:8f comment=
STORE-JAMSHED-PC mac-address=A0:8C:FD:E2:DF:8F server=dhcp1 use-src-mac=
yes
add address=192.168.16.135 client-id=1:ec:a8:6b:60:a0:3a comment=
CCR-SHAHZAIB-PC mac-address=EC:A8:6B:60:A0:3A server=dhcp1 use-src-mac=
yes
add address=192.168.16.137 client-id=1:2c:44:fd:1b:ed:b comment=CCR-ASIF-PC
mac-address=2C:44:FD:1B:ED:0B server=dhcp1 use-src-mac=yes
add address=192.168.16.102 client-id=1:88:82:79:5:be:ba comment=IT-IPTV
mac-address=88:82:79:05:BE:BA server=dhcp1 use-src-mac=yes
add address=192.168.16.168 client-id=1:a0:48:1c:a2:da:c9 comment=
"PG-TAHIR AHMED PC" mac-address=A0:48:1C:A2:DA:C9 server=dhcp1
use-src-mac=yes
add address=192.168.16.169 comment="PG-RAFI ULLAH-CELL" mac-address=
3C:05:18:91:7D:C9 server=dhcp1 use-src-mac=yes
add address=192.168.16.218 comment=TARIQ-CELL mac-address=34:DE:1A:06:08:D8
server=dhcp1 use-src-mac=yes
add address=192.168.16.204 comment="ASHFAQ SB CELL" mac-address=
D8:C4:6A:AD:C5:E5 server=dhcp1 use-src-mac=yes
add address=192.168.16.217 comment=TARIQ-LAPTOP mac-address=38:63:BB:A2:3D:12
server=dhcp1 use-src-mac=yes
add address=192.168.16.148 comment=WB1-WEIGHMENT2-SAP mac-address=
C8:1F:66:37:25:E1 server=dhcp1 use-src-mac=yes
add address=192.168.16.203 client-id=1:c4:b3:1:ac:3c:8e comment=
"AZHAR SB LAPTOP" mac-address=C4:B3:01:AC:3C:8E server=dhcp1 use-src-mac=
yes
add address=192.168.16.65 comment="IT-IMC SERVER" mac-address=
00:15:5D:00:32:1C server=dhcp1 use-src-mac=yes
add address=192.168.16.207 comment="ADNAN SB-CELL" mac-address=
24:F0:94:30:0E:F8 server=dhcp1 use-src-mac=yes
add address=192.168.16.150 comment=WB2-WEIGHMENT1-SAP mac-address=
50:9A:4C:2E:9A:01 server=dhcp1 use-src-mac=yes
add address=192.168.16.175 client-id=1:d8:9c:67:78:7d:67 comment=
"PG-RAFI ULLAH-LAPTOP-WIFI" mac-address=D8:9C:67:78:7D:67 server=dhcp1
use-src-mac=yes
add address=192.168.16.162 comment=PG-RAFIULLAH-LAPTOP-LAN mac-address=
E4:E7:49:0B:3C:98 server=dhcp1 use-src-mac=yes
add address=192.168.16.160 client-id=1:9c:30:5b:b2:cf:91 comment=
STORE-ADNAN-LAPTOP-WIFI mac-address=9C:30:5B:B2:CF:91 server=dhcp1
use-src-mac=yes
add address=192.168.16.215 client-id=1:f4:31:c3:27:86:f5 comment=MURTAZA-CELL
mac-address=F4:31:C3:27:86:F5 server=dhcp1 use-src-mac=yes
add address=192.168.16.208 client-id=1:9c:b6:d0:8c:71:c9 comment=
"ADNAN SB-LAPTOP" mac-address=9C:B6:D0:8C:71:C9 server=dhcp1 use-src-mac=
yes
add address=192.168.16.209 client-id=1:dc:a2:66:30:be:13 comment=
KHAMIS-LAPTOP mac-address=DC:A2:66:30:BE:13 server=dhcp1 use-src-mac=yes
add address=192.168.16.202 client-id=1:88:19:8:ca:d7:e3 comment=
"AZHAR SB-CELL" mac-address=88:19:08:CA:D7:E3 server=dhcp1 use-src-mac=
yes
add address=192.168.16.210 client-id=1:ac:af:b9:50:8d:6e comment=KHAMIS-CELL
mac-address=AC:AF:B9:50:8D:6E server=dhcp1 use-src-mac=yes
add address=192.168.16.139 client-id=1:30:7:4d:46:15:d7 comment="CCR-GM CELL"
mac-address=30:07:4D:46:15:D7 server=dhcp1 use-src-mac=yes
add address=192.168.16.214 client-id=1:a4:d9:31:9e:c2:df comment=MARDAN-CELL
mac-address=A4:D9:31:9E:C2:DF server=dhcp1 use-src-mac=yes
add address=192.168.16.140 client-id=1:ec:a8:6b:60:98:31 comment=CCR-NISAR-PC
mac-address=EC:A8:6B:60:98:31 server=dhcp1 use-src-mac=yes
add address=192.168.16.132 comment=DCS-ROUTER-436 mac-address=
02:03:10:0E:0E:D6 server=dhcp1 use-src-mac=yes
add address=192.168.16.183 comment=DCS-ROUTER- mac-address=E8:DE:27:5C:A3:B3
server=dhcp1 use-src-mac=yes
add address=192.168.16.200 client-id=1:f0:79:60:ee:4d:e6 comment=CHINEES-CELL
mac-address=F0:79:60:EE:4D:E6 server=dhcp1 use-src-mac=yes
add address=192.168.16.107 client-id=1:2c:fd:ab:d2:4b:a7 comment=
IT-UMAIR-CELL mac-address=2C:FD:AB:D2:4B:A7 server=dhcp1 use-src-mac=yes
add address=192.168.16.205 client-id=1:50:3e:aa:33:2c:44 comment=
"ASHFAQ SB-LAPTOP-1" mac-address=50:3E:AA:33:2C:44 server=dhcp1
use-src-mac=yes
add address=192.168.16.206 client-id=1:30:3a:64:7b:d8:56 comment=
"ASHFAQ SB LAPTOP-2" mac-address=30:3A:64:7B:D8:56 server=dhcp1
use-src-mac=yes
add address=192.168.16.212 client-id=1:6c:72:e7:2:c3:b8 comment=
"MURTAZA ABBAS CELL" mac-address=6C:72:E7:02:C3:B8 server=dhcp1
use-src-mac=yes
add address=192.168.16.173 client-id=1:74:86:7a:6:87:e comment=
PG-G.SHABBIR-LAN mac-address=74:86:7A:06:87:0E server=dhcp1 use-src-mac=
yes
add address=192.168.16.104 client-id=1:fc:3f:db:f8:f7:36 comment=
IT-GMUSTAFA-LAPTOP-LAN mac-address=FC:3F:DB:F8:F7:36 server=dhcp1
use-src-mac=yes
add address=192.168.16.103 comment="IT-LED TV" mac-address=2C:D9:74:67:94:4A
server=dhcp1 use-src-mac=yes
add address=192.168.16.201 client-id=1:d0:2b:20:b4:fc:4e comment=
"M.ALI TABBA-CELL" mac-address=D0:2B:20:B4:FC:4E server=dhcp1
use-src-mac=yes
add address=192.168.16.110 comment="IT-SAP-PRD-SERVER INTERNET" mac-address=
AC:16:2D:7B:12:66 server=dhcp1 use-src-mac=yes
add address=192.168.16.147 client-id=1:ec:a8:6b:62:d9:36 comment=
WB1-WEIGHMENT1-FOXPRO mac-address=EC:A8:6B:62:D9:36 server=dhcp1
use-src-mac=yes
add address=192.168.16.128 client-id=1:6c:c7:ec:d2:f8:9b comment=
ADMIN-MARWA-CELL mac-address=6C:C7:EC:D2:F8:9B server=dhcp1 use-src-mac=
yes
add address=192.168.16.125 client-id=1:c8:1f:66:37:e8:5 comment=ADMIN-GATE-2
mac-address=C8:1F:66:37:E8:05 server=dhcp1 use-src-mac=yes
add address=192.168.16.112 client-id=1:90:94:97:fb:89:3e comment=
"ADMIN-AMIR-BETERNY CELL" mac-address=90:94:97:FB:89:3E server=dhcp1
use-src-mac=yes
add address=192.168.16.166 client-id=1:b4:b5:2f:cd:76:4 comment=
"PG-BARI SAHAB" mac-address=B4:B5:2F:CD:76:04 server=dhcp1 use-src-mac=
yes
add address=192.168.16.141 client-id=1:f0:99:b6:ed:89:7a comment=
CCR-GM-CELL-IPhone mac-address=F0:99:B6:ED:89:7A server=dhcp1
use-src-mac=yes
add address=192.168.16.111 client-id=1:48:3b:38:3b:fd:89 comment=
ADMIN-ELAF-CELL mac-address=48:3B:38:3B:FD:89 server=dhcp1 use-src-mac=
yes
add address=192.168.16.174 client-id=1:f0:ee:10:28:e:14 comment=
"PG-TAHIR AHMED-CELL" mac-address=F0:EE:10:28:0E:14 server=dhcp1
use-src-mac=yes
add address=192.168.16.223 client-id=1:24:fd:52:9:f8:ab comment=MKT-SAQID-HO
mac-address=24:FD:52:09:F8:AB server=dhcp1 use-src-mac=yes
add address=192.168.16.222 client-id=1:60:14:b3:b8:71:d comment=
FIN-KASHIF-LAPTOP mac-address=60:14:B3:B8:71:0D server=dhcp1 use-src-mac=
yes
add address=192.168.16.224 client-id=1:6c:c7:ec:d5:46:8b comment=
"MKT-WALEED CELL" mac-address=6C:C7:EC:D5:46:8B server=dhcp1 use-src-mac=
yes
add address=192.168.16.225 client-id=1:80:2b:f9:78:2d:1b comment=
FIN-SHAHID-LAPTOP mac-address=80:2B:F9:78:2D:1B server=dhcp1 use-src-mac=
yes
add address=192.168.16.226 client-id=1:64:66:b3:d:62:c9 comment=
"MKT-Muslim LAPTOP" mac-address=64:66:B3:0D:62:C9 server=dhcp1
use-src-mac=yes
add address=192.168.16.227 client-id=1:2c:6f:c9:50:72:1d comment=
"FIN-FAIZAN LAPTOP" mac-address=2C:6F:C9:50:72:1D server=dhcp1
use-src-mac=yes
add address=192.168.16.220 client-id=1:8:c5:e1:22:36:1d comment=
FIN-MubashirCell mac-address=08:C5:E1:22:36:1D server=dhcp1 use-src-mac=
yes
add address=192.168.16.219 client-id=1:3c:f8:62:5b:78:ef comment=
"FIN-Mubashir LAPTOP" mac-address=3C:F8:62:5B:78:EF server=dhcp1
use-src-mac=yes
add address=192.168.16.216 client-id=1:48:5a:3f:24:97:b0 comment=
FIN-FAIZAN-CELL mac-address=48:5A:3F:24:97:B0 server=dhcp1 use-src-mac=
yes
add address=192.168.16.142 client-id=1:30:3a:64:81:e2:0 comment=
CCR-GM-LAPTOP-WIFI mac-address=30:3A:64:81:E2:00 server=dhcp1
use-src-mac=yes
add address=192.168.16.136 client-id=1:90:b1:1c:8c:96:5 comment=
"CCR-ABDUL MOQEEM PC" mac-address=90:B1:1C:8C:96:05 server=dhcp1
use-src-mac=yes
add address=192.168.16.213 client-id=1:40:9c:28:98:f:c9 comment=MAZEN-CELL
mac-address=40:9C:28:98:0F:C9 server=dhcp1 use-src-mac=yes
add address=192.168.16.101 client-id=1:0:fa:21:6:81:c0 comment=IT-GM-CELL
mac-address=00:FA:21:06:81:C0 server=dhcp1 use-src-mac=yes
add address=192.168.16.228 client-id=1:a4:d9:31:95:d:22 comment=
"Haji Sadique Ali" mac-address=A4:D9:31:95:0D:22 server=dhcp1
use-src-mac=yes
add address=192.168.16.229 client-id=1:c8:38:70:3e:c9:66 comment=
"Haji Sadique Ali" mac-address=C8:38:70:3E:C9:66 server=dhcp1
use-src-mac=yes
add address=192.168.16.230 client-id=1:b4:69:21:48:d:c3 comment=
"MURTAZA ABBAS LAPTOP" mac-address=B4:69:21:48:0D:C3 server=dhcp1
use-src-mac=yes
add address=192.168.16.119 comment=ADMIN-RAAD-CELL mac-address=
18:19:D6:A6:78:14 server=dhcp1 use-src-mac=yes
add address=192.168.16.99 client-id=1:48:5f:99:26:31:d5 comment=
IT-UMAIR-LAPTOP-WIFI mac-address=48:5F:99:26:31:D5 server=dhcp1
add address=192.168.16.181 comment="Food Store Printer" mac-address=
D0:C5:D3:F4:D7:41 server=dhcp1 use-src-mac=yes
add address=192.168.16.159 client-id=1:ec:5c:68:8:5d:ef comment=
"STORE-FOOD INCHARG-PC-WIFI" mac-address=EC:5C:68:08:5D:EF server=dhcp1
add address=192.168.16.146 client-id=1:a0:8c:fd:dc:a3:39 comment=WB1-DESKTOP
mac-address=A0:8C:FD:DC:A3:39 server=dhcp1 use-src-mac=yes
add address=192.168.16.114 client-id=1:c8:5b:76:14:90:21 comment=
ADMIN-RECEPTION-1 mac-address=C8:5B:76:14:90:21 server=dhcp1
add address=192.168.16.144 comment=WB1-PRINTER mac-address=80:C5:F2:D0:66:DF
server=dhcp1 use-src-mac=yes
add address=192.168.16.149 client-id=1:f4:8e:38:86:c8:4b comment=
WB2-WEIGHMENT1 mac-address=F4:8E:38:86:C8:4B server=dhcp1 use-src-mac=yes
add address=192.168.16.138 client-id=1:a4:1f:72:88:6d:43 comment=CCR-QC-PC
mac-address=A4:1F:72:88:6D:43 server=dhcp1 use-src-mac=yes
add address=192.168.16.115 client-id=1:38:fb:14:83:61:99 comment=
ADMIN-MUNA-CELL mac-address=38:FB:14:83:61:99 server=dhcp1
add address=192.168.16.69 client-id=1:20:67:7c:e2:9f:cd comment=HYPER-V
mac-address=20:67:7C:E2:9F:CC server=dhcp1
add address=192.168.16.64 client-id=1:0:15:5d:10:6e:5 comment=IT-BACKUP-SRV
mac-address=00:15:5D:10:6E:05 server=dhcp1
add address=192.168.16.63 client-id=1:0:15:5d:10:6e:3 comment=
IT-REMOTE-ACCESS mac-address=00:15:5D:10:6E:03 server=dhcp1
add address=192.168.16.66 client-id=1:0:15:5d:10:6e:9 comment=IT-DC
mac-address=00:15:5D:10:6E:09 server=dhcp1
add address=192.168.16.133 client-id=1:d4:3d:7e:21:5d:45 comment=CCR-TAHIR
mac-address=D4:3D:7E:21:5D:45 server=dhcp1 use-src-mac=yes
add address=192.168.16.232 client-id=1:c0:bd:c8:f8:80:a1 comment=
SCM-TARIQ-JAMSHED-CELL mac-address=C0:BD:C8:F8:80:A1 server=dhcp1
use-src-mac=yes
add address=192.168.16.233 client-id=1:14:5f:94:fd:61:76 comment=
SCM-ASIF-CELL mac-address=14:5F:94:FD:61:76 server=dhcp1 use-src-mac=yes
add address=192.168.16.234 client-id=1:48:5f:99:13:5b:2b comment=
SCM-ASIF-LAPTOP mac-address=48:5F:99:13:5B:2B server=dhcp1 use-src-mac=
yes
add address=192.168.16.105 client-id=1:0:15:5d:10:6e:d comment=IT-WSUS
mac-address=00:15:5D:10:6E:0D server=dhcp1
add address=192.168.16.68 client-id=1:20:67:7c:e2:9f:cc comment=HYPER-V
mac-address=20:67:7C:E2:9F:CD server=dhcp1
add address=192.168.16.122 client-id=1:ec:a8:6b:60:a0:b0 comment=ADM-MUNA-PC
mac-address=EC:A8:6B:60:A0:B0 server=dhcp1
add address=192.168.16.123 client-id=1:9c:8e:99:f4:ac:75 comment=ADM-ELAF-PC
mac-address=9C:8E:99:F4:AC:75 server=dhcp1
add address=192.168.16.120 client-id=1:b0:83:fe:77:f9:d6 comment=ADM-MARWA-PC
mac-address=B0:83:FE:77:F9:D6 server=dhcp1
add address=192.168.16.118 client-id=1:c8:cb:b8:26:fb:b comment=ADM-RAAD-PC
mac-address=C8:CB:B8:26:FB:0B server=dhcp1
add address=192.168.16.129 client-id=1:f4:a9:97:ca:b0:1f comment=
ADMIN-CANON-NEW-PRINTER mac-address=F4:A9:97:CA:B0:1F server=dhcp1
add address=192.168.16.145 client-id=1:e4:2b:34:69:29:f9 comment=WB1-YASEEN
mac-address=E4:2B:34:69:29:F9 server=dhcp1
add address=192.168.16.121 client-id=1:64:0:6a:d:19:b7 comment=
ADMIN-HALA-PC-LAN mac-address=64:00:6A:0D:19:B7 server=dhcp1 use-src-mac=
yes
add address=192.168.16.62 client-id=1:0:15:5d:10:6e:a mac-address=
00:15:5D:10:6E:0A server=dhcp1
add address=192.168.16.98 client-id=1:b0:c:d1:f0:5d:58 comment=IT-UMAIR-LAN
mac-address=B0:0C:D1:F0:5D:58 server=dhcp1
add address=192.168.16.237 client-id=1:7c:89:56:16:e2:8e comment=
"ASHFAQ SAHAB CELL" mac-address=7C:89:56:16:E2:8E server=dhcp1
add address=192.168.16.113 client-id=1:88:bd:45:5a:cf:ac comment=
ADMIN-NAWAR-STORE mac-address=88:BD:45:5A:CF:AC server=dhcp1
add address=192.168.16.131 comment=CCR-Printer-Imran-Ghani mac-address=
80:91:33:66:EF:2D server=dhcp1
add address=192.168.16.235 client-id=1:a4:f0:5e:d1:86:91 comment=
SCM-ADEEL-SATTAR mac-address=A4:F0:5E:D1:86:91 server=dhcp1
add address=192.168.16.130 client-id=1:24:6f:8c:e7:16:7c comment=
ADMIN-AZIZ-IRAQI mac-address=24:6F:8C:E7:16:7C server=dhcp1
add address=192.168.16.211 client-id=1:24:18:1d:ca:83:5e comment=
FIN-SHAHID-TABBASUM-CELL mac-address=24:18:1D:CA:83:5E server=dhcp1
add address=192.168.16.221 client-id=1:48:5a:3f:98:40:19 comment=
FIN-KASHIF-CELL mac-address=48:5A:3F:98:40:19 server=dhcp1
add address=192.168.16.231 client-id=1:54:48:10:eb:b4:f3 comment=
FIN-SHAHID-TABBASUM-LAN mac-address=54:48:10:EB:B4:F3 server=dhcp1
add address=192.168.16.236 client-id=1:80:79:5d:53:1c:dd comment=
FIN-KASHIF-CELL mac-address=80:79:5D:53:1C:DD server=dhcp1
add address=192.168.16.108 client-id=1:18:19:d6:80:b1:fe comment=
IT-UMAIR-CELL mac-address=18:19:D6:80:B1:FE server=dhcp1
add address=192.168.16.117 client-id=1:34:12:f9:ec:1f:ed comment=
ADMIN-AHMED-DAWOOD mac-address=34:12:F9:EC:1F:ED server=dhcp1
add address=192.168.16.152 client-id=1:c:e4:a0:8c:7a:b comment=WB1-CELL-NEW
mac-address=0C:E4:A0:8C:7A:0B server=dhcp1
add address=192.168.16.252 client-id=1:e4:e:ee:30:ba:4f mac-address=
E4:0E:EE:30:BA:4F server=dhcp1
add address=192.168.16.251 client-id=1:14:d1:69:8d:4b:3c mac-address=
14:D1:69:8D:4B:3C server=dhcp1
/ip dhcp-server network
add address=192.168.16.0/24 dns-server=192.168.16.66,208.67.220.220 domain=
"SAP-PRD\SAPSERVER" gateway=192.168.16.254 netmask=24 wins-server=
192.168.20.2
/ip dns
set servers=192.168.16.66,208.67.222.222
/ip firewall address-list
add address=192.168.16.0/24 list="subnt 16.0"
add address=192.168.16.111-192.168.16.253 list="Block Youtube"
/ip firewall filter
add action=drop chain=forward comment="Blocked Youtube" disabled=yes
dst-address=0.0.0.0 dst-port=80,443 layer7-protocol=YT protocol=tcp
src-address=192.168.16.111-192.168.16.253 src-address-list=
"Block Youtube" time=8h30m-16h,sun,mon,tue,wed,thu,sat tls-host=
.youtube.com
add action=drop chain=forward comment="Block FaceBook" disabled=yes dst-port=
443 protocol=tcp src-address=192.168.16.111-192.168.16.253 time=
8h30m-16h,sun,mon,tue,wed,thu,fri,sat tls-host=.facebook.com
add action=drop chain=forward comment="BLOCK INTERNET QC USER" dst-address=
192.168.16.138 in-interface="ether12 // Internet"
add action=drop chain=forward comment="BLOCK INTERNET RECEIPTION USER"
dst-address=192.168.16.114 in-interface="ether12 // Internet"
add action=drop chain=forward comment="BLOCK INTERNET WB2 USER" dst-address=
192.168.16.150 in-interface="ether12 // Internet"
add action=drop chain=forward comment="BLOCK INTERNET WB2 USER" dst-address=
192.168.16.149 in-interface="ether12 // Internet"
add action=drop chain=forward comment="BLOCK INTERNET WB1 FOXPRO PC"
dst-address=192.168.16.147 in-interface="ether12 // Internet"
add action=drop chain=forward comment="BLOCK INTERNET ADMIN-GATE-2 PC"
dst-address=192.168.16.125 in-interface="ether12 // Internet"
src-address-list=""
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.2 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.3 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.5 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.6 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.7 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.8 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.9 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.10 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.11 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.12 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.13 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.14 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.15 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.16 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.17 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.18 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.19 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.21 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.20 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.4 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.22 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.23 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.24 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.25 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.26 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.27 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.28 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.29 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.30 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.31 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.32 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.33 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.34 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.35 in-interface="ether12 // Internet"
add action=drop chain=forward comment="Murtaza Admin" dst-address=
192.168.16.124 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.36 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.37 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.38 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.39 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.40 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.41 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.42 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.43 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.44 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.45 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.46 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" disabled=yes
dst-address=192.168.16.47 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" disabled=yes
dst-address=192.168.16.48 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.69 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.70 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.71 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.72 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.73 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.74 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.75 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.76 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.77 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.78 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.79 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.80 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.81 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.82 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.83 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.84 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.85 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.86 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.87 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.88 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.89 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.90 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.91 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.92 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.93 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.94 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.106 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" disabled=yes
dst-address=192.168.16.108 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.109 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.143 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.153 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.154 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.155 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.164 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.176 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.177 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.178 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.179 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.180 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.199 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.231 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.238 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.239 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.240 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.241 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.242 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.243 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.244 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.245 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.246 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.247 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" disabled=yes
dst-address=192.168.16.248 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" disabled=yes
dst-address=192.168.16.249 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" disabled=yes
dst-address=192.168.16.250 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" disabled=yes
dst-address=192.168.16.251 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" disabled=yes
dst-address=192.168.16.252 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.253 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.196 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.197 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.198 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.187 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.195 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.194 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.193 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.192 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.191 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.190 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.189 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.188 in-interface="ether12 // Internet"
add action=drop chain=forward comment="General Block" dst-address=
192.168.16.68 in-interface="ether12 // Internet"
/ip firewall mangle
add action=mark-packet chain=forward comment=
"|| PG || Internet Download Limit " dst-address=
192.168.16.161-192.168.16.180 in-interface="ether12 // Internet"
new-packet-mark="PG Download Special Limit" passthrough=no
add action=mark-packet chain=forward comment=
"|| CCR || Internet Download Limit " dst-address=
192.168.16.131-192.168.16.144 in-interface="ether12 // Internet"
new-packet-mark="CCR Download Special Limit" passthrough=no
add action=mark-packet chain=forward comment=
"|| ADMIN || Internet Download Limit " dst-address=
192.168.16.111-192.168.16.130 in-interface="ether12 // Internet"
new-packet-mark="ADMIN Download Special Limit" passthrough=no
add action=mark-packet chain=forward comment=
"|| WB1 || Internet Download Limit " dst-address=
192.168.16.145-192.168.16.152 in-interface="ether12 // Internet"
new-packet-mark="WB1 Download Special Limit" passthrough=no
add action=mark-packet chain=forward comment=
"|| STORE || Internet Download Limit " dst-address=
192.168.16.153-192.168.16.160 in-interface="ether12 // Internet"
new-packet-mark="STORE Download Special Limit" passthrough=no
add action=mark-packet chain=forward comment=
"|| DCS || Internet Download Limit " dst-address=
192.168.16.181-192.168.16.190 in-interface="ether12 // Internet"
new-packet-mark="DCS Download Special Limit" passthrough=no
add action=mark-packet chain=forward comment=
"|| GUEST || Internet Download Limit " dst-address=
192.168.16.191-192.168.16.253 in-interface="ether12 // Internet"
new-packet-mark="GUEST Download Special Limit" passthrough=no
add action=mark-packet chain=forward comment=
"|| OTHER || Internet Download Limit " dst-address=
192.168.16.2-192.168.16.110 in-interface="ether12 // Internet"
new-packet-mark="OTHER Download Special Limit" passthrough=no
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=53 protocol=tcp to-addresses=
208.67.220.220 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 protocol=udp to-addresses=
208.67.220.220 to-ports=53
add action=masquerade chain=srcnat src-address=192.168.16.0/24
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=
192.168.89.0/24
/ip proxy
set src-address=0.0.0.0
/ip route
add distance=1 gateway=37.238.135.233
add distance=1 dst-address=192.168.15.0/24 gateway=10.4.40.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes port=11994
set api disabled=yes
set api-ssl disabled=yes
/ip socks
set port=7182
/ip socks access
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/lcd
set backlight-timeout=1h59m default-screen=informative-slideshow
time-interval=daily
/ppp secret
add name=khamis profile=vpn_profile service=pptp
add name=murtaza profile=vpn_profile service=pptp
add name=vpnsap profile=vpn_profile service=pptp
add name=lashl1 profile=vpn_profile service=pptp
add name=lashl2 profile=vpn_profile service=pptp
add name=faizan profile=vpn_profile service=pptp
add disabled=yes name=tahir profile=vpn_profile service=pptp
add name=mubashir profile=vpn_profile service=pptp
add name=it profile=vpn_profile service=pptp
add name=hassan profile=vpn_profile service=pptp
add name=zayan profile=vpn_profile service=pptp
add name=zahid profile=vpn_profile service=pptp
/snmp
set contact=ITS enabled=yes trap-generators=interfaces trap-interfaces=vrrp1
trap-target=192.168.16.105,192.168.16.65
/system clock
set time-zone-name=Asia/Baghdad
/system clock manual
set time-zone=+03:00
/system identity
set name=IT-RB01
/system logging
add topics=firewall
/tool romon
set enabled=yes
/tool traffic-monitor
add interface="ether2 // IT-AP" name=tmon1 threshold=0 traffic=received

UmairHamidani · August 23, 2020, 9:03am

We need another bridge because people who are using wi-fi needs to access the server.