Hay,
Can you please check my setting if its right or wrong? what i can add or edit to make it better?
[admin@group0] radius> print
Flags: X - disabled
SERVICE CALLED-ID DOMAIN ADDRESS SECRET
0 hotspot 192.168.0.1 123456
1 dhcp 192.168.0.1 123456
[admin@group0] radius>
[admin@group0] > log
[admin@group0] log> print
14:33:00 web-proxy,warning web proxy cache size is limited by memory size
14:37:51 dhcp,info,debug dhcp1 deassigned 192.168.0.254 from 00:14:85:EF:19:4B
14:37:53 dhcp,error,warning,info,debug dhcp1: radius authentication failed for 00:14:85:EF:19:4B: RADIUS server is
not responding
14:37:56 dhcp,error,warning,info,debug dhcp1: radius authentication failed for 00:14:85:EF:19:4B: RADIUS server is
not responding
14:38:04 dhcp,error,warning,info,debug dhcp1: radius authentication failed for 00:14:85:EF:19:4B: RADIUS server is
not responding
14:38:19 dhcp,error,warning,info,debug dhcp1: radius authentication failed for 00:14:85:EF:19:4B: RADIUS server is
not responding
14:38:35 system,info,account user admin logged in via local
14:38:57 dhcp,error,warning,info,debug dhcp1: radius authentication failed for 00:14:85:EF:19:4B: RADIUS server is
not responding
14:39:01 dhcp,error,warning,info,debug dhcp1: radius authentication failed for 00:14:85:EF:19:4B: RADIUS server is
not responding
14:39:04 dhcp,error,warning,info,debug dhcp1: radius authentication failed for 00:14:85:EF:19:4B: RADIUS server is
not responding
14:39:08 dhcp,error,warning,info,debug dhcp1: radius authentication failed for 00:14:85:EF:19:4B: RADIUS server is
not responding
14:39:15 dhcp,error,warning,info,debug dhcp1: radius authentication failed for 00:14:85:EF:19:4B: RADIUS server is
not responding
14:39:31 dhcp,error,warning,info,debug dhcp1: radius authentication failed for 00:14:85:EF:19:4B: RADIUS server is
not responding
14:39:42 dhcp,error,warning,info,debug dhcp1: radius authentication failed for 00:14:85:EF:19:4B: RADIUS server is
not responding
14:39:46 dhcp,error,warning,info,debug dhcp1: radius authentication failed for 00:14:85:EF:19:4B: RADIUS server is
not responding
14:39:58 dhcp,error,warning,info,debug dhcp1: radius authentication failed for 00:14:85:EF:19:4B: RADIUS server is
not responding
14:40:02 dhcp,error,warning,info,debug dhcp1: radius authentication failed for 00:14:85:EF:19:4B: RADIUS server is
not responding
[admin@group0] interface> print
Flags: X - disabled, D - dynamic, R - running
NAME TYPE RX-RATE TX-RATE MTU
0 R leaseline ether 0 0 1500
1 R internal ether 0 0 1500
[admin@group0] interface ethernet> print
Flags: X - disabled, R - running
NAME MTU MAC-ADDRESS ARP
0 R leaseline 1500 00:0F:EA:4E:0D:12 enabled
1 R internal 1500 00:0E:2E:83:A0:AF enabled
[admin@group0] > snmp
[admin@group0] snmp> print
enabled: no
contact: “”
location: “”
[admin@group0] snmp>
[admin@group0] user> print
Flags: X - disabled
NAME GROUP ADDRESS
0 ;;; system default user
admin full 0.0.0.0/0
[admin@group0] user>
[admin@group0] ip accounting> print
enabled: no
account-local-traffic: no
threshold: 256
–
[admin@group0] ip service> print
Flags: X - disabled, I - invalid
NAME PORT ADDRESS CERTIFICATE
0 telnet 23 0.0.0.0/0
1 ftp 21 0.0.0.0/0
2 www 808 0.0.0.0/0
3 ssh 22 0.0.0.0/0
4 X www-ssl 443 0.0.0.0/0 none
[admin@group0] ip upnp> print
enabled: no
allow-disable-external-interface: yes
show-dummy-rule: yes
[admin@group0] ip socks> print
enabled: no
port: 1080
connection-idle-timeout: 2m
max-connections: 200
[admin@group0] ip dns> print
primary-dns: 212.118.133.102
secondary-dns: 62.149.114.7
allow-remote-requests: yes
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 17KiB
[admin@group0] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; added by setup
192.168.1.115/24 192.168.1.0 192.168.1.255 leaseline
1 ;;; added by setup
192.168.0.1/24 192.168.0.0 192.168.0.255 internal
[admin@group0] ip proxy> print
enabled: no
port: 8080
parent-proxy: 0.0.0.0:1
maximal-client-connecions: 1000
maximal-server-connectons: 1000
[admin@group0] ip pool> print
NAME RANGES
0 dhcp-pool-1 192.168.0.2-192.168.0.254
[admin@group0] ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf
DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 192.168.0.0/24 192.168.0.1 internal
1 S 192.168.1.0/24 r 192.168.1.1 leaseline
2 ADC 192.168.1.0/24 192.168.1.115 leaseline
3 A S ;;; added by setup
0.0.0.0/0 r 192.168.1.1 leaseline
[admin@group0] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward src-address=192.168.0.0/24 action=mark-connection new-connection-mark=users-con passthrough=yes
1 chain=forward connection-mark=users-con action=mark-packet new-packet-mark=users passthrough=yes
[admin@group0] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=leaseline src-address=192.168.0.0/24 action=masquerade
1 chain=dstnat in-interface=internal protocol=tcp dst-port=80 action=redirect to-ports=8080
2 ;;; masquerade hotspot network
chain=srcnat src-address=192.168.0.0/24 action=masquerade
[admin@group0] ip firewall connection> print
Flags: S - seen reply, A - assured
PR.. SRC-ADDRESS DST-ADDRESS TCP-STATE TIMEOUT
0 SA tcp 192.168.0.253:1121 192.168.0.1:8291 established 23h59m59s
[admin@group0] ip firewall> filter
[admin@group0] ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward protocol=tcp dst-port=135 action=drop
1 chain=input protocol=tcp dst-port=23 action=drop
2 chain=forward protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop
3 ;;; Drop Invalid connections
chain=input connection-state=invalid action=drop
4 ;;; Allow Established connections
chain=input connection-state=established action=accept
5 ;;; Allow UDP
chain=input protocol=udp action=accept
6 ;;; Allow ICMP
chain=input protocol=icmp action=accept
7 ;;; Allow access to rotr from known network
chain=input src-address=192.168.0.0/24 action=accept
8 ;;; Drop anything else
chain=input action=drop
9 ;;; drop invalid connections
chain=forward protocol=tcp connection-state=invalid action=drop
10 ;;; allow already established connections
chain=forward connection-state=established action=accept
11 ;;; allow related connections
chain=forward connection-state=related action=accept
12 chain=forward src-address=0.0.0.0/8 action=drop
13 chain=forward dst-address=0.0.0.0/8 action=drop
14 chain=forward src-address=127.0.0.0/8 action=drop
15 chain=forward dst-address=127.0.0.0/8 action=drop
16 chain=forward src-address=224.0.0.0/3 action=drop
17 chain=forward dst-address=224.0.0.0/3 action=drop
18 chain=forward protocol=tcp action=jump jump-target=tcp
19 chain=forward protocol=udp action=jump jump-target=udp
20 chain=forward protocol=icmp action=jump jump-target=icmp
21 ;;; deny TFTP
chain=tcp protocol=tcp dst-port=69 action=drop
22 ;;; deny RPC portmapper
chain=tcp protocol=tcp dst-port=111 action=drop
23 ;;; deny RPC portmapper
chain=tcp protocol=tcp dst-port=135 action=drop
24 ;;; deny NBT
chain=tcp protocol=tcp dst-port=137-139 action=drop
25 ;;; deny cifs
chain=tcp protocol=tcp dst-port=445 action=drop
26 ;;; deny NFS
chain=tcp protocol=tcp dst-port=2049 action=drop
27 ;;; deny NetBus
chain=tcp protocol=tcp dst-port=12345-12346 action=drop
28 ;;; deny NetBus
chain=tcp protocol=tcp dst-port=20034 action=drop
29 ;;; deny BackOriffice
chain=tcp protocol=tcp dst-port=3133 action=drop
30 ;;; deny DHCP
chain=tcp protocol=tcp dst-port=67-68 action=drop
31 ;;; deny TFTP
chain=udp protocol=udp dst-port=69 action=drop
32 ;;; deny PRC portmapper
chain=udp protocol=udp dst-port=111 action=drop
33 ;;; deny PRC portmapper
chain=udp protocol=udp dst-port=135 action=drop
34 ;;; deny NBT
chain=udp protocol=udp dst-port=137-139 action=drop
35 ;;; deny NFS
chain=udp protocol=udp dst-port=2049 action=drop
36 ;;; deny BackOriffice
chain=udp protocol=udp dst-port=3133 action=drop
37 ;;; drop invalid connections
chain=icmp protocol=icmp icmp-options=0:0 action=accept
38 ;;; allow established connections
chain=icmp protocol=icmp icmp-options=3:0 action=accept
39 ;;; allow already established connections
chain=icmp protocol=icmp icmp-options=3:1 action=accept
40 ;;; allow source quench
chain=icmp protocol=icmp icmp-options=4:0 action=accept
41 ;;; allow echo request
chain=icmp protocol=icmp icmp-options=8:0 action=accept
42 ;;; allow time exceed
chain=icmp protocol=icmp icmp-options=11:0 action=accept
43 ;;; allow parameter bad
chain=icmp protocol=icmp icmp-options=12:0 action=accept
44 ;;; deny all other types
chain=icmp action=drop
[admin@group0] ip firewall service-port> print
Flags: X - disabled, I - invalid
NAME PORTS
0 ftp 21
1 tftp 69
2 irc 6667
3 X h323
4 quake3
5 X gre
6 X pptp
[admin@group0] ip hotspot> print
Flags: X - disabled, I - invalid, S - HTTPS
NAME INTERFACE ADDRESS-POOL PROFILE
0 server1 internal dhcp-pool-1 hsprof1
[admin@group0] ip hotspot service-port> print
Flags: X - disabled
NAME PORTS
0 ftp 21
[admin@group0] ip hotspot host> print
Flags: S - static, H - DHCP, D - dynamic, A - authorized, P - bypassed
MAC-ADDRESS ADDRESS TO-ADDRESS SERVER IDLE-TIMEOUT
0 DA 00:14:85:EF:19:4B 192.168.1.110 192.168.0.253 server1
[admin@group0] ip hotspot profile> print
Flags: * - default
0 * name=“default” hotspot-address=0.0.0.0 dns-name=“” html-directory=hotspot rate-limit=“” http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
1 name=“hsprof1” hotspot-address=0.0.0.0 dns-name=“” html-directory=hotspot rate-limit=“” http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=http-chap split-user-domain=no use-radius=yes radius-accounting=yes
radius-interim-update=received nas-port-type=wireless-802.11 radius-default-domain=“” radius-location-id=“”
radius-location-name=“”
[admin@group0] ip hotspot active> print
Flags: R - radius, B - blocked
USER ADDRESS UPTIME SESSION-TIME-LEFT IDLE-TIMEOUT
0 admin 192.168.0.253 20m19s
[admin@group0] ip hotspot user> print
Flags: X - disabled, D - dynamic
SERVER NAME ADDRESS PROFILE UPTIME
0 admin default 4h3m5s
1 fahed default 1m1s
[admin@group0] ip dhcp-client> print
Flags: X - disabled, I - invalid
INTERFACE USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS ADDRESS
0 ;;; added by setup
internal yes searching…
[admin@group0] ip dhcp-server> print
Flags: X - disabled, I - invalid
NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 dhcp1 internal dhcp-pool-1 3d
[admin@group0] ip web-proxy> print
enabled: yes
src-address: 0.0.0.0
port: 8080
hostname: “proxy”
transparent-proxy: yes
parent-proxy: 0.0.0.0:0
cache-administrator: “webmaster”
max-object-size: 102400KiB
cache-drive: system
max-cache-size: unlimited
max-ram-cache-size: unlimited
status: running
reserved-for-cache: 29707264KiB
reserved-for-ram-cache: 2048KiB
admin@group0] ip web-proxy cache> print
Flags: X - disabled, I - invalid
0 ;;; don’t cache dynamic http pages
url=“:cgi-bin \?” action=deny
1 url=“:\.jpg$” action=allow
2 url=“:\.png$” action=allow
3 url=“:\.gif$” action=allow
4 url=“:\.flv$” action=allow
5 url=“:\.swf$” action=allow
6 url=“:\.exe$” action=allow
7 url=“:\.zip$” action=allow
8 url=“:\.3gp$” action=allow
9 url=“:\.mp3$” action=allow
10 ;;; youtube
url=“httpyoutubeget_video*” action=allow
admin@group0] tool user-manager router> print
Flags: X - disabled
0 subscriber=admin name=“group0” ip-address=192.168.0.1 shared-secret=“123456”
[admin@group0] tool user-manager credit> print
SUBSCRIBER NAME TIME FULL-PRICE EXTEND-PRICE
0 admin 1Month 31Days 4w3d 70 unavailable
[admin@group0] tool user-manager user> print
Flags: X - disabled, A - active
0 subscriber=MikroTik username=“demo” password=“demo” uptime-used=3m59s download-used=593971 upload-used=89604
last-seen=jun/05/2007 14:06:52 credit-count=0 credit-left=0s credit-duration=0s credit-price=0
credit-till-time=jan/01/1970 00:00:00 credit-time-added=0s
1 subscriber=admin username=“1” password=“1” first-name=“1” last-name=“1” uptime-limit=1h uptime-used=1h
download-used=9897174 upload-used=629454 last-seen=jun/05/2007 15:13:29 credit-count=0 credit-left=0s
credit-duration=0s credit-price=0 credit-till-time=jan/01/1970 00:00:00 credit-time-added=0s
[admin@group0] tool user-manager session> print
Flags: A - active
0 subscriber=MikroTik user=“demo” nas-port=2156920837 nas-port-type=wireless-802.11
calling-station-id=“00:14:85:EF:19:4B” acct-session-id=“80900005” user-ip=192.168.0.254 host-ip=192.168.0.1
status=start,stop from-time=jun/05/2007 14:02:54 till-time=jun/05/2007 14:06:52 terminate-cause=lost-carrier
uptime=3m59s download=593971 upload=89604
1 subscriber=admin user=“1” nas-port=2156920840 nas-port-type=wireless-802.11 nas-port-id=“internal”
calling-station-id=“00:14:85:EF:19:4B” acct-session-id=“80900008” user-ip=192.168.0.254 host-ip=192.168.0.1
status=start,stop,interim from-time=jun/05/2007 14:13:29 till-time=jun/05/2007 15:13:29
terminate-cause=session-timeout uptime=1h download=9897174 upload=629454
[admin@group0] tool user-manager customer> print
Flags: X - disabled
0 subscriber=admin login=“admin” password=“” date-format=“%m/%d/%y” time-zone=+03:00 permissions=owner parent=admin
1 subscriber=MikroTik login=“MikroTik” password=“qwerty” time-zone=+00:00 permissions=owner parent=MikroTik
[admin@group0] tool sniffer> print
interface: all
only-headers: no
memory-limit: 10
file-name: “”
file-limit: 10
streaming-enabled: no
streaming-server: 0.0.0.0
filter-stream: yes
filter-protocol: ip-only
filter-address1: 0.0.0.0/0:0-65535
filter-address2: 0.0.0.0/0:0-65535
running: no