Returns False.
/export hide-sensitive verbose
# aug/29/2018 19:50:26 by RouterOS 6.43.4
# software id = ZUNB-FW0U
#
# model = 951G-2HnD
# serial number = 642E06875CDF
/interface bridge
add admin-mac=6C:3B:6B:C2:61:F7 ageing-time=5m arp=enabled arp-timeout=auto auto-mac=no comment=wifi+ethernet dhcp-snooping=no disabled=no fast-forward=no forward-delay=15s igmp-snooping=no \
max-message-age=20s mtu=auto name=LAN priority=0x8000 protocol-mode=rstp transmit-hold-count=6 vlan-filtering=no
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"port1 - master" disabled=no full-duplex=yes l2mtu=1598 loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=6C:3B:6B:C2:61:F7 mtu=1500 name=LAN1 \
orig-mac-address=6C:3B:6B:C2:61:F7 rx-flow-control=off speed=100Mbps tx-flow-control=off
set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited comment=port2 \
disabled=no full-duplex=yes l2mtu=1598 loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=6C:3B:6B:C2:61:F8 mtu=1500 name=LAN2 orig-mac-address=\
6C:3B:6B:C2:61:F8 rx-flow-control=off speed=100Mbps tx-flow-control=off
set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited comment=port3 \
disabled=no full-duplex=yes l2mtu=1598 loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=6C:3B:6B:C2:61:F9 mtu=1500 name=LAN3 orig-mac-address=\
6C:3B:6B:C2:61:F9 rx-flow-control=off speed=100Mbps tx-flow-control=off
set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited comment=port4 \
disabled=no full-duplex=yes l2mtu=1598 loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=6C:3B:6B:C2:61:FA mtu=1500 name=LAN4 orig-mac-address=\
6C:3B:6B:C2:61:FA rx-flow-control=off speed=100Mbps tx-flow-control=off
set [ find default-name=ether5 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited comment=port5 \
disabled=no full-duplex=yes l2mtu=1598 loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=D4:BE:D9:50:B9:7F mtu=1500 name=WAN orig-mac-address=\
6C:3B:6B:C2:61:FB rx-flow-control=off speed=100Mbps tx-flow-control=off
/queue interface
set LAN queue=no-queue
/interface ethernet switch
set 0 cpu-flow-control=yes mirror-source=none mirror-target=none name=switch1
/interface ethernet switch port
set 0 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
set 1 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
set 2 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
set 3 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
set 4 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
set 5 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
/interface list
set [ find name=all ] comment="contains all interfaces" exclude="" include="" name=all
set [ find name=none ] comment="contains no interfaces" exclude="" include="" name=none
set [ find name=dynamic ] comment="contains dynamic interfaces" exclude="" include="" name=dynamic
/interface lte apn
set [ find default=yes ] add-default-route=yes apn=internet default-route-distance=2 name=default use-peer-dns=yes
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk disable-pmkid=no eap-methods="" group-ciphers=tkip,aes-ccm group-key-update=5m interim-update=0s management-protection=disabled mode=dynamic-keys \
mschapv2-username="" name=default radius-called-format=mac:ssid radius-eap-accounting=no radius-mac-accounting=no radius-mac-authentication=no radius-mac-caching=disabled radius-mac-format=\
XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=none static-sta-private-algo=none static-transmit-key=key-0 supplicant-identity=\
MikroTik tls-certificate=none tls-mode=no-certificates unicast-ciphers=tkip,aes-ccm
add authentication-types=wpa2-psk disable-pmkid=no eap-methods="" group-ciphers=tkip,aes-ccm group-key-update=5m interim-update=0s management-protection=allowed mode=dynamic-keys mschapv2-username="" \
name=wifi_guest radius-called-format=mac:ssid radius-eap-accounting=no radius-mac-accounting=no radius-mac-authentication=no radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX \
radius-mac-mode=as-username static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=none static-sta-private-algo=none static-transmit-key=key-0 supplicant-identity="" tls-certificate=\
none tls-mode=no-certificates unicast-ciphers=tkip,aes-ccm
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=none allow-sharedkey=no ampdu-priorities=0 amsdu-limit=8192 amsdu-threshold=8192 antenna-gain=0 area="" arp=enabled arp-timeout=auto band=2ghz-b/g \
basic-rates-a/g=6Mbps basic-rates-b=1Mbps bridge-mode=enabled channel-width=20mhz compression=no country=no_country_set default-ap-tx-limit=0 default-authentication=yes default-client-tx-limit=0 \
default-forwarding=yes disable-running-check=no disabled=no disconnect-timeout=3s distance=dynamic frame-lifetime=0 frequency=2412 frequency-mode=manual-txpower frequency-offset=0 guard-interval=any \
hide-ssid=no ht-basic-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-supported-mcs=\
mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23 hw-fragmentation-threshold=disabled \
hw-protection-mode=none hw-protection-threshold=0 hw-retries=7 interworking-profile=disabled keepalive-frames=enabled l2mtu=1600 mac-address=6C:3B:6B:C2:61:FC max-station-count=2007 mode=ap-bridge \
mtu=1500 multicast-buffering=enabled multicast-helper=default name=wlan1 noise-floor-threshold=default nv2-cell-radius=30 nv2-downlink-ratio=50 nv2-mode=dynamic-downlink nv2-noise-floor-offset=\
default nv2-qos=default nv2-queue-count=2 nv2-security=disabled nv2-sync-secret="" on-fail-retry-time=100ms preamble-mode=both radio-name=6C3B6BC261FC rate-selection=advanced rate-set=default \
rx-chains=0,1 scan-list=default secondary-channel="" security-profile=default ssid=AM station-bridge-clone-mac=00:00:00:00:00:00 station-roaming=enabled supported-rates-a/g=\
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-chains=0,1 tx-power-mode=default update-stats-interval=disabled vlan-id=1 \
vlan-mode=no-tag wds-cost-range=50-150 wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no wds-mode=disabled wireless-protocol=any wmm-support=disabled wps-mode=push-button
add area="" arp=enabled arp-timeout=auto bridge-mode=enabled comment="guest access" default-ap-tx-limit=0 default-authentication=yes default-client-tx-limit=0 default-forwarding=yes \
disable-running-check=no disabled=no hide-ssid=no interworking-profile=disabled keepalive-frames=disabled l2mtu=1600 mac-address=02:00:00:AA:00:00 master-interface=wlan1 max-station-count=2007 mode=\
ap-bridge mtu=1500 multicast-buffering=disabled multicast-helper=default name=wlan2 security-profile=wifi_guest ssid=AM_Guest station-bridge-clone-mac=00:00:00:00:00:00 station-roaming=\
enabled update-stats-interval=disabled vlan-id=1 vlan-mode=no-tag wds-cost-range=0 wds-default-bridge=none wds-default-cost=0 wds-ignore-ssid=no wds-mode=disabled wmm-support=disabled wps-mode=\
push-button
/interface wireless manual-tx-power-table
set wlan1 manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9Mbps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17,HT20-0:17,HT20-1:17,HT20-2:17,HT20-3:17,HT20-4:17,HT20-5:17\
,HT20-6:17,HT20-7:17,HT40-0:17,HT40-1:17,HT40-2:17,HT40-3:17,HT40-4:17,HT40-5:17,HT40-6:17,HT40-7:17"
set wlan2 comment="guest access"
/interface wireless nstreme
set wlan1 disable-csma=no enable-nstreme=no enable-polling=yes framer-limit=3200 framer-policy=none
set wlan2 comment="guest access"
/ip dhcp-client option
set clientid_duid code=61 name=clientid_duid value="0xff\$(CLIENT_DUID)"
set clientid code=61 name=clientid value="0x01\$(CLIENT_MAC)"
set hostname code=12 name=hostname value="\$(HOSTNAME)"
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot html-directory-override="" http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default \
rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=yes address-list="" idle-timeout=none !insert-queue-before keepalive-timeout=2m mac-cookie-timeout=3d name=default !parent-queue !queue-type shared-users=1 \
status-autorefresh=1m transparent-proxy=no
/ip ipsec mode-config
set [ find default=yes ] name=request-only responder=no
/ip ipsec peer profile
set [ find default=yes ] dh-group=modp3072 dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=aes-256 hash-algorithm=sha256 lifetime=1d name=default nat-traversal=yes proposal-check=obey
/ip ipsec policy group
set [ find default=yes ] name=default
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256 disabled=no enc-algorithms=aes-256-cbc lifetime=30m name=default pfs-group=modp3072
/ip pool
add name=dhcp_pool1 ranges=192.168.128.10-192.168.128.100
add name=dhcp_pool2 ranges=192.168.17.200-192.168.17.220
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=LAN lease-script="" lease-time=1d name=dhcp1 use-radius=no
add address-pool=dhcp_pool2 authoritative=after-2sec-delay bootp-support=static disabled=no interface=wlan2 lease-script="" lease-time=1h name=dhcp2 use-radius=no
/ppp profile
set *0 address-list="" !bridge !bridge-horizon !bridge-path-cost !bridge-port-priority change-tcp-mss=yes !dns-server !idle-timeout !incoming-filter !insert-queue-before !interface-list !local-address \
name=default on-down="" on-up="" only-one=default !outgoing-filter !parent-queue !queue-type !rate-limit !remote-address !session-timeout use-compression=default use-encryption=default use-mpls=\
default use-upnp=default !wins-server
set *FFFFFFFE address-list="" !bridge !bridge-horizon !bridge-path-cost !bridge-port-priority change-tcp-mss=yes !dns-server !idle-timeout !incoming-filter !insert-queue-before !interface-list \
!local-address name=default-encryption on-down="" on-up="" only-one=default !outgoing-filter !parent-queue !queue-type !rate-limit !remote-address !session-timeout use-compression=default \
use-encryption=yes use-mpls=default use-upnp=default !wins-server
/interface l2tp-client
add add-default-route=no allow=mschap2 allow-fast-path=no connect-to=SERVER_PUBLIC_IPaddr dial-on-demand=no disabled=no keepalive-timeout=60 max-mru=1450 max-mtu=1450 mrru=1600 name=gl profile=\
default-encryption use-ipsec=no user=gl
/queue interface
set gl queue=no-queue
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=pcq name=pcq-upload-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 \
pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
set 6 kind=pcq name=pcq-download-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 \
pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
set 7 kind=none name=only-hardware-queue
set 8 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 9 kind=pfifo name=default-small pfifo-limit=10
/queue interface
set LAN1 queue=only-hardware-queue
set LAN2 queue=only-hardware-queue
set LAN3 queue=only-hardware-queue
set LAN4 queue=only-hardware-queue
set WAN queue=only-hardware-queue
set wlan1 queue=wireless-default
set wlan2 queue=wireless-default
/routing bgp instance
set default as=65530 client-to-client-reflection=yes !cluster-id !confederation disabled=no ignore-as-path-len=no name=default out-filter="" redistribute-connected=no redistribute-ospf=no \
redistribute-other-bgp=no redistribute-rip=no redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never !domain-id !domain-tag in-filter=ospf-in metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 \
metric-static=20 !mpls-te-area !mpls-te-router-id name=default out-filter=ospf-out redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
router-id=0.0.0.0 !routing-table !use-dn
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=backbone type=default
/snmp community
set [ find default=yes ] addresses=::/0 authentication-protocol=MD5 encryption-protocol=DES name=public read-access=yes security=none write-access=no
/system logging action
set 0 memory-lines=1000 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=1000 disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote=0.0.0.0 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto syslog-time-format=bsd-syslog target=remote
/user group
set read name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,tikapp,!ftp,!write,!policy,!dude skin=default
set write name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,sensitive,api,romon,tikapp,!ftp,!policy,!dude skin=default
set full name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp skin=default
/caps-man aaa
set called-format=mac:ssid interim-update=disabled mac-caching=disabled mac-format=XX:XX:XX:XX:XX:XX mac-mode=as-username
/caps-man manager
set ca-certificate=none certificate=none enabled=no package-path="" require-peer-certificate=no upgrade-policy=none
/caps-man manager interface
set [ find default=yes ] disabled=no forbid=no interface=all
/certificate settings
set crl-download=yes crl-store=system crl-use=yes
/interface bridge port
add auto-isolate=no bpdu-guard=no bridge=LAN broadcast-flood=yes disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=no interface=LAN1 internal-path-cost=10 \
learn=auto multicast-router=temporary-query path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes \
unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=LAN broadcast-flood=yes disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none ingress-filtering=no interface=wlan1 internal-path-cost=10 learn=\
auto multicast-router=temporary-query path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes \
unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=LAN broadcast-flood=yes disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=no interface=LAN2 internal-path-cost=10 \
learn=auto multicast-router=temporary-query path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes \
unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=LAN broadcast-flood=yes disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=no interface=LAN3 internal-path-cost=10 \
learn=auto multicast-router=temporary-query path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes \
unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=LAN broadcast-flood=yes disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=no interface=LAN4 internal-path-cost=10 \
learn=auto multicast-router=temporary-query path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes \
unknown-unicast-flood=yes
/interface bridge settings
set allow-fast-path=yes use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/ip firewall connection tracking
set enabled=auto generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-max-retrans-timeout=5m tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-time-wait-timeout=10s tcp-unacked-timeout=5m udp-stream-timeout=3m udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set accept-redirects=no accept-source-route=no allow-fast-path=yes arp-timeout=30s icmp-rate-limit=10 icmp-rate-mask=0x1818 ip-forward=yes max-neighbor-entries=8192 route-cache=yes rp-filter=no \
secure-redirects=yes send-redirects=yes tcp-syncookies=no
/interface detect-internet
set detect-interface-list=none internet-interface-list=none lan-interface-list=none wan-interface-list=none
/interface l2tp-server server
set allow-fast-path=no authentication=pap,chap,mschap1,mschap2 caller-id-type=ip-address default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1450 max-mtu=1450 max-sessions=\
unlimited mrru=disabled one-session-per-host=no use-ipsec=no
/interface ovpn-server server
set auth=sha1,md5 cipher=blowfish128,aes128 default-profile=default enabled=no keepalive-timeout=60 mac-address=FE:EB:9F:52:1B:9F max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1450 max-mtu=1450 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=default enabled=no force-aes=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=disabled pfs=no port=443 tls-version=any \
verify-client-certificate=no
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 frames-per-second=25 receive-all=no ssid-all=no
/interface wireless cap
set bridge=none caps-man-addresses="" caps-man-certificate-common-names="" caps-man-names="" certificate=none discovery-interfaces="" enabled=no interfaces="" lock-to-caps-man=no static-virtual=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 multiple-channels=no only-headers=no receive-errors=no streaming-enabled=no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.128.254/24 disabled=no interface=LAN network=192.168.128.0
add address=192.168.17.1/24 disabled=no interface=wlan2 network=192.168.17.0
/ip cloud
set ddns-enabled=no update-time=yes
/ip cloud advanced
set use-local-address=no
/ip dhcp-client
add add-default-route=yes default-route-distance=1 dhcp-options=hostname,clientid disabled=no interface=WAN use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.17.0/24 caps-manager="" dhcp-option="" dns-server="" gateway=192.168.17.1 ntp-server="" wins-server=""
add address=192.168.128.0/24 caps-manager="" dhcp-option="" dns-server="" gateway=192.168.128.254 ntp-server="" wins-server=""
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB max-concurrent-queries=100 max-concurrent-tcp-sessions=20 max-udp-packet-size=4096 query-server-timeout=2s query-total-timeout=10s \
servers=""
/ip firewall address-list
add address=192.168.0.5 disabled=no list="no internet"
/ip firewall filter
add action=drop chain=forward !connection-bytes !connection-limit !connection-mark !connection-nat-state !connection-rate !connection-state !connection-type !content disabled=yes !dscp !dst-address \
!dst-address-list !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-interface !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no \
log-prefix="" !nth !out-bridge-port out-interface=WAN !p2p !packet-mark !packet-size !per-connection-classifier !port !priority !protocol !psd !random !routing-mark !routing-table src-address=\
192.168.128.5 !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl
add action=accept chain=input !connection-bytes !connection-limit !connection-mark !connection-nat-state !connection-rate !connection-state !connection-type !content disabled=no !dscp !dst-address \
!dst-address-list !dst-address-type !dst-limit dst-port=1701,500,4500 !fragment !hotspot !icmp-options !in-bridge-port !in-interface !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol \
!limit log=no log-prefix="" !nth !out-bridge-port !out-interface !p2p !packet-mark !packet-size !per-connection-classifier !port !priority protocol=udp !psd !random !routing-mark !routing-table \
!src-address !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl
add action=accept chain=input !connection-bytes !connection-limit !connection-mark !connection-nat-state !connection-rate !connection-state !connection-type !content disabled=no !dscp !dst-address \
!dst-address-list !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-interface !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no \
log-prefix="" !nth !out-bridge-port !out-interface !p2p !packet-mark !packet-size !per-connection-classifier !port !priority protocol=ipsec-esp !psd !random !routing-mark !routing-table !src-address \
!src-address-list !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl
add action=drop chain=forward comment="drop guest wlan from local wlan" !connection-bytes !connection-limit !connection-mark !connection-nat-state !connection-rate !connection-state !connection-type \
!content disabled=no !dscp dst-address=192.168.128.0/24 !dst-address-list !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-interface !ingress-priority \
!ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port !out-interface !p2p !packet-mark !packet-size !per-connection-classifier !port !priority !protocol !psd \
!random !routing-mark !routing-table src-address=192.168.17.0/24 !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl
add action=drop chain=input comment="drop incoming connections" !connection-bytes !connection-limit !connection-mark !connection-nat-state !connection-rate !connection-state !connection-type !content \
disabled=no !dscp !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port in-interface=WAN !ingress-priority !ipsec-policy !ipv4-options \
!layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port !out-interface !p2p !packet-mark !packet-size !per-connection-classifier !port !priority !protocol !psd !random !routing-mark \
!routing-table !src-address !src-address-list !src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl
/ip firewall nat
add action=src-nat chain=srcnat dst-address=SERVER_PUBLIC_IPaddr dst-port=1701 protocol=udp to-addresses=192.168.128.254 !to-ports
add action=masquerade chain=srcnat !connection-bytes !connection-limit !connection-mark !connection-rate !connection-type !content disabled=no !dscp !dst-address !dst-address-list !dst-address-type \
!dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-interface !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port \
out-interface=WAN !packet-mark !packet-size !per-connection-classifier !port !priority !protocol !psd !random !routing-mark !routing-table !src-address !src-address-list !src-address-type \
!src-mac-address !src-port !tcp-mss !time !to-addresses !to-ports !ttl
add action=masquerade chain=srcnat !connection-bytes !connection-limit !connection-mark !connection-rate !connection-type !content disabled=yes !dscp !dst-address !dst-address-list !dst-address-type \
!dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface !in-interface-list !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=\
no log-prefix="" !nth !out-bridge-port !out-bridge-port-list out-interface=gl !out-interface-list !packet-mark !packet-size !per-connection-classifier !port !priority !protocol !psd !random \
!routing-mark !routing-table !src-address !src-address-list !src-address-type !src-mac-address !src-port !tcp-mss !time !tls-host !to-addresses !to-ports !ttl
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes sip-timeout=1h
set pptp disabled=no
set udplite disabled=no
set dccp disabled=no
set sctp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
set [ find default=yes ] comment="counters and limits for trial users" disabled=no name=default-trial
/ip ipsec peer
add address=SERVER_PUBLIC_IPaddr/32 auth-method=pre-shared-key-xauth disabled=no exchange-mode=main generate-policy=no local-address=192.168.128.254 policy-template-group=default profile=default \
send-initial-contact=no xauth-login=gl
/ip ipsec policy
set 0 disabled=no dst-address=::/0 group=default proposal=default protocol=all src-address=::/0 template=yes
add action=encrypt disabled=no dst-address=SERVER_PUBLIC_IPaddr/32 dst-port=1701 ipsec-protocols=esp level=require proposal=default protocol=udp src-address=192.168.128.254/32 src-port=any tunnel=no
/ip ipsec user settings
set xauth-use-radius=no
/ip proxy
set always-from-cache=no anonymous=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no cache-path=web-proxy enabled=no max-cache-object-size=2048KiB max-cache-size=unlimited \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 parent-proxy=:: parent-proxy-port=0 port=8080 serialize-connections=no src-address=::
/ip route
add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref !bgp-med !bgp-origin !bgp-prepend !check-gateway comment="to PACS network" disabled=no distance=1 dst-address=192.168.2.0/24 \
gateway=10.50.0.10 pref-src=10.50.0.11 !route-tag !routing-mark scope=30 target-scope=10
add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref !bgp-med !bgp-origin !bgp-prepend !check-gateway comment="to radiologist network" disabled=no distance=1 dst-address=192.168.3.0/24 \
gateway=10.50.0.10 pref-src=10.50.0.11 !route-tag !routing-mark scope=30 target-scope=10
add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref !bgp-med !bgp-origin !bgp-prepend !check-gateway comment="to radiologist2 (kv office) network" disabled=no distance=1 \
dst-address=192.168.5.0/24 gateway=10.50.0.10 pref-src=10.50.0.11 !route-tag !routing-mark scope=30 target-scope=10
/ip service
set telnet address="" disabled=yes port=23
set ftp address="" disabled=yes port=21
set www address="" disabled=yes port=80
set ssh address="" disabled=yes port=22
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address="" disabled=no port=8291
set api-ssl address="" certificate=none disabled=yes port=8729
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/pub disabled=no max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip ssh
set always-allow-password-login=no forwarding-enabled=no host-key-size=2048 strong-crypto=no
/ip traffic-flow
set active-flow-timeout=30m cache-entries=32k enabled=no inactive-flow-timeout=15s interfaces=all
/ip traffic-flow ipfix
set bytes=yes dst-address=yes dst-address-mask=yes dst-mac-address=yes dst-port=yes first-forwarded=yes gateway=yes icmp-code=yes icmp-type=yes igmp-type=yes in-interface=yes ip-header-length=yes \
ip-total-length=yes ipv6-flow-label=yes is-multicast=yes last-forwarded=yes nat-dst-address=yes nat-dst-port=yes nat-src-address=yes nat-src-port=yes out-interface=yes packets=yes protocol=yes \
src-address=yes src-address-mask=yes src-mac-address=yes src-port=yes tcp-ack-num=yes tcp-flags=yes tcp-seq-num=yes tcp-window-size=yes tos=yes ttl=yes udp-length=yes
/ip upnp
set allow-disable-external-interface=no enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 use-explicit-null=no
/port firmware
set directory=firmware ignore-directip-modem=no
/ppp aaa
set accounting=yes interim-update=0s use-circuit-id-in-nas-port-id=no use-radius=no
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m gateway-selection=no-gateway origination-interval=5s preferred-gateway=0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no redistribute-connected=no redistribute-ospf=no \
redistribute-static=no routing-table=main timeout-timer=3m update-timer=30s
/snmp
set contact="" enabled=no engine-id="" location="" trap-community=public trap-generators=temp-exception trap-target="" trap-version=1
/system clock
set time-zone-autodetect=yes time-zone-name=Europe/...
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start="jan/01/1970 00:00:00" time-zone=+00:00
/system identity
set name=MikroTik
/system leds
set 0 disabled=no interface=wlan1 leds=wlan-led type=wireless-status
/system leds settings
set all-leds-off=never
/system logging
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0 server-dns-names=""
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
/system routerboard settings
set auto-upgrade=no boot-device=nand-if-fail-then-ethernet boot-protocol=bootp force-backup-booter=no protected-routerboot=disabled reformat-hold-button=20s reformat-hold-button-max=10m silent-boot=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m ping-timeout=1m watch-address=none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=100
/tool e-mail
set address=0.0.0.0 from=<> port=25 start-tls=no user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set allowed-interface-list=all
/tool mac-server mac-winbox
set allowed-interface-list=all
/tool mac-server ping
set enabled=yes
/tool romon
set enabled=no id=00:00:00:00:00:00
/tool romon port
set [ find default=yes ] cost=100 disabled=no forbid=no interface=all
/tool sms
set allowed-number="" auto-erase=no channel=0 port=none receive-enabled=no
/tool sniffer
set file-limit=1000KiB file-name="" filter-cpu="" filter-direction=any filter-interface="" filter-ip-address="" filter-ip-protocol="" filter-ipv6-address="" filter-mac-address="" filter-mac-protocol="" \
filter-operator-between-entries=or filter-port="" filter-stream=no memory-limit=100KiB memory-scroll=yes only-headers=no streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-max=100us measure-out-of-order=yes stats-samples-to-keep=100 test-id=0
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s use-radius=no