Page 1 of 1

Firewall Causing Low Throughput

Posted: Tue Jul 02, 2019 5:36 am
by Inigma
Hi all

We currently have a 500Mbps connection running in to our building.
I have tested directly from the ONT and we are getting 500Mbps exactly, but once I patch in to the router, I'm getting max 300Mbps but usually around 220 down and 150 up.

We do have a lot of filter rules (around 140 or so) but even after disable around 40 of them, the speeds remain the exact same.
Mangle is also set up and we use this to mark packets so we can control the throughput to each VLAN.
I have set up the queue tree to allow 400Mbps but we're not even getting close to that.

Any ideas around how to speed this up?
Would disabling more filter rules help?

Re: Firewall Causing Low Throughput

Posted: Tue Jul 02, 2019 8:29 am
by eddieb
please mention Router type,
Firewall packages are handled by the CPU, so on slower CPU models you might not get wire speed on your firewalled connection.

Re: Firewall Causing Low Throughput

Posted: Tue Jul 02, 2019 10:13 am
by Inigma
please mention Router type,
Firewall packages are handled by the CPU, so on slower CPU models you might not get wire speed on your firewalled connection.
Sorry! It's an RB1100AHx2.
So since it's handled by the cpu, how could I offload some of the rules, is there a way to be more efficient with the rules?

Sent from my SM-G955F using Tapatalk


Re: Firewall Causing Low Throughput

Posted: Tue Jul 02, 2019 10:22 am
by sindy
I'm afraid efficiency with rules won't help much as you also use queues. On the other hand, I hesitate to believe that 1100 AHx2 would be that weak, can you post your configuration following the anonymisation hint in my automatic signature?

Re: Firewall Causing Low Throughput

Posted: Tue Jul 02, 2019 10:32 am
by sebastia
Also post the output of cpu profiler (/tool profile cpu=all) during load

Re: Firewall Causing Low Throughput

Posted: Tue Jul 02, 2019 10:47 am
by Inigma
I'm afraid efficiency with rules won't help much as you also use queues. On the other hand, I hesitate to believe that 1100 AHx2 would be that weak, can you post your configuration following the anonymisation hint in my automatic signature?
I can post the config, though it's something like 3667 lines long!
Is that too long to post?
Is that indicative of the problem?
I'm not the one that configured this monster!

As for the CPU load, I'll have to do that tomorrow when I'm back at work!

Thanks for all the replies!

Re: Firewall Causing Low Throughput

Posted: Tue Jul 02, 2019 11:09 am
by sindy
Is that too long to post?
Should not be, use the [code]...[/code] tag around the export to let the post be displayed normally (long code is shown in a scroll window), but I don't know any size limit for a post as such.

Is that indicative of the problem?
Nothing else is - the only thing which can save you from the need to replace the AHx2 by something more powerful is that someone finds a way to optimize your setup.

Re: Firewall Causing Low Throughput

Posted: Tue Jul 02, 2019 12:47 pm
by Inigma
Okay so here it is, hopefully helpful, there's heaps to go through, though!
I will post the CPU info tomorrow, once I'm at work!
Thanks all!

# jul/02/2019 19:39:12 by RouterOS 5.14
# software id = 8P8D-PQK5
#
/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=yes full-duplex=yes l2mtu=\
    1600 mac-address=00:0C:42:9B:3F:46 mtu=1500 name="ether12 - Spare" speed=\
    100Mbps
set 1 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1600 \
    mac-address=00:0C:42:9B:3F:47 mtu=1500 name=\
    "ether13 - Local Management Interface" speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:3B \
    master-port=none mtu=1500 name="ether1 - Incoming FX Fibre" speed=1Gbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:3C \
    master-port=none mtu=1500 name="ether2 -    sg adm" speed=\
    100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:3D \
    master-port=none mtu=1500 name="ether3 - spare" speed=1Gbps
set 5 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:3E \
    master-port=none mtu=1500 name="ether4 - Spare" speed=100Mbps
set 6 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:3F \
    master-port=none mtu=1500 name="ether5 - Link to LAN Core" speed=1Gbps
set 7 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:40 \
    master-port=none mtu=1500 name="ether6 - LACP1" speed=100Mbps
set 8 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:41 \
    master-port=none mtu=1500 name="ether7 - LACP1" speed=100Mbps
set 9 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:42 \
    master-port=none mtu=1500 name="ether8 - XSYS Server CSG" speed=100Mbps
set 10 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:43 \
    master-port=none mtu=1500 name="ether9 - XSYS Server XSYSLIVE" speed=\
    100Mbps
set 11 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:44 \
    master-port=none mtu=1500 name="ether10 -   Server" speed=100Mbps
set 12 arp=enabled auto-negotiation=yes disabled=yes full-duplex=yes l2mtu=\
    1600 mac-address=00:0C:42:9B:3F:45 mtu=1500 name="ether11 - Spare" speed=\
    100Mbps
/interface vlan
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="100 - ef" use-service-tag=no vlan-id=100
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="110 - LAN Connections" use-service-tag=no vlan-id=110
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="120 - Public Wifi" use-service-tag=no vlan-id=120
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="130 -   Ticketing" use-service-tag=no vlan-id=130
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="200 - EXPO Management" use-service-tag=no vlan-id=200
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="150 - dw office" use-service-tag=no vlan-id=150
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="099 - LAN Management" use-service-tag=no vlan-id=99
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="050 -  SG Camera" use-service-tag=no vlan-id=50
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="111 - A2017 - " use-service-tag=no vlan-id=111
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="112 - A2017 -  " use-service-tag=no \
    vlan-id=112
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="113 - A2017 -  " use-service-tag=no vlan-id=113
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="114 - A2017 -  " use-service-tag=no vlan-id=114
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="300 - WLAN Management" use-service-tag=no vlan-id=300
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="301 - WLAN Public WiFi" use-service-tag=no vlan-id=301
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="302 - WLAN Exhibitor" use-service-tag=no vlan-id=302
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="303 - WLAN Access Points" use-service-tag=no vlan-id=303
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="97 -   Backup" use-service-tag=no vlan-id=97
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="115 - A2017 -  " use-service-tag=no vlan-id=\
    115
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="116 - A2017 -  " use-service-tag=no vlan-id=116
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="117 - A2017 -  " use-service-tag=no vlan-id=117
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="118 - A2017 -  " use-service-tag=no vlan-id=118
add arp=enabled disabled=no interface="ether3 - spare" l2mtu=1594 mtu=1500 \
    name="119 - A2017 - VLAN 119 Test" use-service-tag=no vlan-id=119
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="55 -   sg VoIP" use-service-tag=no vlan-id=55
/interface bonding
add arp=enabled arp-interval=100ms arp-ip-targets="" disabled=no down-delay=\
    0ms lacp-rate=30secs link-monitoring=none mii-interval=100ms mode=802.3ad \
    mtu=1500 name="LACP1 - Core Link" primary=none slaves=\
    "ether6 - LACP1,ether7 - LACP1" transmit-ha-policy=layer-2 up-delay=0ms
/interface vlan
add arp=enabled disabled=no interface="LACP1 - Core Link" mtu=1500 name=\
    "140 -" use-service-tag=no vlan-id=140
add arp=enabled disabled=no interface="LACP1 - Core Link" mtu=1500 name=\
    "098 - WLAN Management" use-service-tag=no vlan-id=98
add arp=enabled disabled=no interface="LACP1 - Core Link" mtu=1500 name=\
    "299 - WLAN WAN" use-service-tag=no vlan-id=299
add arp=enabled disabled=yes interface="LACP1 - Core Link" mtu=1500 name=\
    "304 - Event Organiser Wi-Fi" use-service-tag=no vlan-id=304
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch2
set 1 mirror-source=none mirror-target=none name=switch1
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
    hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
    cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \
    split-user-domain=no use-radius=no
add dns-name=publicwifi. .co.nz hotspot-address=192.168.112.1 \
    html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 \
    login-by=cookie,http-pap name=hsprof1 rate-limit=60M/60M smtp-server=\
    my.pub.ip.9 split-user-domain=no use-radius=no
add dns-name=premwifi. .co.nz hotspot-address=192.168.116.1 \
    html-directory=hotspot2 http-proxy=0.0.0.0:0 login-by=http-pap name=\
    hsprof2 rate-limit=10M/10M smtp-server=my.pub.ip.9 split-user-domain=no \
    use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default \
    shared-users=1 status-autorefresh=1m transparent-proxy=no
add advertise=no idle-timeout=4h name="Multi User" open-status-page=always \
    shared-users=15 status-autorefresh=1m transparent-proxy=yes
add advertise=no idle-timeout=none keepalive-timeout=2m name=\
    "Staff Connections" open-status-page=always shared-users=1 \
    status-autorefresh=1m transparent-proxy=yes
add keepalive-timeout=15m name=Events rate-limit=2M/2M shared-users=unlimited \
    status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=\
    aes-128 lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=dhcp_pool_ef ranges=192.168.101.22-192.168.101.254
add name=dhcp_pool_LAN_Connections ranges=192.168.102.51-192.168.102.250
add name="  Ticketing subnet" ranges=192.168.103.101-192.168.103.200
add name=dhcp_pool_EXPO_Management ranges=192.168.104.25-192.168.104.254
add name=dhcp_pool_public_hotspot ranges=192.168.112.2-192.168.115.254
add name=dhcp_pool_ _VPN ranges=192.168.97.10-192.168.97.14
add name=dhcp_pool_Private_Hotspot ranges=192.168.116.10-192.168.119.254
add name=dhcp_pool_Local_Management ranges=192.168.97.2-192.168.97.6
add name="WLAN management subnet" ranges=192.168.98.2-192.168.98.200
add name=dhcp_pool_LAN_Management ranges=192.168.99.2-192.168.99.200
add name=dhcp_pool2 ranges=192.168.92.51-192.168.92.254
add name=dhcp_pool3 ranges=192.168.93.51-192.168.93.254
add name=dhcp_pool4 ranges=192.168.94.51-192.168.94.254
add name="dhcp_pool_LAN_Connections 2" ranges=192.168.102.11-192.168.102.50
add name=dhcp_pool5 ranges=192.168.105.2-192.168.105.200
add name=dw ranges=192.168.106.101-192.168.106.199
add name=dhcp_pool6 ranges=192.168.107.150-192.168.107.200
add name=dhcp_pool7 ranges=192.168.107.101-192.168.107.200
add name=dhcp_pool8 ranges=192.168.108.101-192.168.108.200
add name=dhcp_pool9 ranges=192.168.109.101-192.168.109.200
add name=dhcp_pool10 ranges=192.168.110.101-192.168.110.200
add name=dhcp_pool_WLAN_Public_WiFi ranges=172.16.0.2-172.16.255.254
add name=dhcp_pool_WLANExhibitor ranges=192.168.120.2-192.168.127.254
add name=dhcp_pool_WLANAccessPoint ranges=192.168.200.2-192.168.201.254
add name=dhcp_pool12 ranges=192.168.96.200-192.168.96.254
add name=dhcp_pool20 ranges=192.168.91.51-192.168.91.200
add name=dhcp_pool21 ranges=192.168.90.51-192.168.90.200
add name=dhcp_pool22 ranges=192.168.89.51-192.168.89.200
add name=dhcp_pool23 ranges=192.168.88.51-192.168.88.200
add name=dhcp_pool25 ranges=192.168.96.51-192.168.96.199
add name=dhcp_pool24 ranges=192.168.95.51-192.168.95.200
add name=dhcp_pool27 ranges=192.168.113.51-192.168.113.200
add name=dhcp_pool26 ranges=192.168.111.51-192.168.111.200
add name=dhcp_pool_WLAN_Management ranges=192.168.100.50-192.168.100.200
/ip dhcp-server
add address-pool=dhcp_pool_ef authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="100 - ef" lease-time=1d \
    name=ef
add address-pool=dhcp_pool_LAN_Connections authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="110 - LAN Connections" \
    lease-time=4h name="LAN connections"
add address-pool="  Ticketing subnet" authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="130 -   Ticketing" \
    lease-time=1w name="  Ticketing"
add address-pool=dhcp_pool_EXPO_Management authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="200 - EXPO Management" \
    lease-time=1d name="EXPO management"
add address-pool=dhcp_pool_public_hotspot authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="120 - Public Wifi" \
    lease-time=1h name="public hotspot"
add address-pool=dhcp_pool_Local_Management authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface=\
    "ether13 - Local Management Interface" lease-time=1h name=\
    "Local management interface"
add address-pool=dhcp_pool_Private_Hotspot authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="ether6 - LACP1" lease-time=1h \
    name="private hotspot"
add address-pool="WLAN management subnet" authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="098 - WLAN Management" \
    lease-time=1w name="WLAN management"
add address-pool=dhcp_pool_LAN_Management authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="099 - LAN Management" \
    lease-time=1d name="LAN management"
add address-pool=dhcp_pool5 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="ether12 - Spare" lease-time=1w name=\
    " SGC POS"
add address-pool=dw authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="150 - dw office" lease-time=3d \
    name=dw
add address-pool=dhcp_pool7 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="111 - A2017 -  " lease-time=3d4h \
    name="A2017 -  "
add address-pool=dhcp_pool8 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="112 - A2017 -  " \
    lease-time=3d4h name="A2017 -  "
add address-pool=dhcp_pool9 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="113 - A2017 -  " lease-time=3d4h \
    name="A2017 - fe"
add address-pool=dhcp_pool10 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="114 - A2017 -  " lease-time=3d4h \
    name="A2017 - MKTG"
add address-pool=dhcp_pool_WLAN_Public_WiFi authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="301 - WLAN Public WiFi" \
    lease-time=1d name="WLAN Public WiFi"
add address-pool=dhcp_pool_WLANExhibitor authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="302 - WLAN Exhibitor" \
    lease-time=1d name="WLAN Exhibitor"
add address-pool=dhcp_pool_WLAN_Management authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="300 - WLAN Management" \
    lease-time=1w name="WLAN Management"
add address-pool=dhcp_pool_WLANAccessPoint authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="303 - WLAN Access Points" \
    lease-time=1w name="WLAN Access points"
add address-pool=dhcp_pool12 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="97 -   Backup" lease-time=1w name=\
    "  Backup Network"
add address-pool=dhcp_pool10 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="304 - Event Organiser Wi-Fi" lease-time=1w \
    name="EXPO Organiser Wi-Fi"
add address-pool=dhcp_pool20 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="116 - A2017 -  " lease-time=3d name=\
    "A2017 -  "
add address-pool=dhcp_pool23 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="115 - A2017 -  " lease-time=3d \
    name="A2017 -  "
add address-pool=dhcp_pool21 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="117 - A2017 -  " lease-time=3d name=\
    "A2017 -  "
add address-pool=dhcp_pool24 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="119 - A2017 - VLAN 119 Test" lease-time=3d \
    name="A2017 -   VR"
add address-pool=dhcp_pool22 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="118 - A2017 -  " lease-time=3d name=\
    "A2017 -  "
add address-pool=dhcp_pool24 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="ether3 - spare" lease-time=3d name=Ether3
/ip hotspot
add address-pool=dhcp_pool_public_hotspot addresses-per-mac=2 disabled=yes \
    idle-timeout=5m interface="120 - Public Wifi" keepalive-timeout=none \
    name="  Hotspot" profile=hsprof1
add address-pool=dhcp_pool_Private_Hotspot addresses-per-mac=2 disabled=yes \
    idle-timeout=5m interface="140 -" keepalive-timeout=none name=\
    "Spare wifi hotspot" profile=hsprof2
/ip hotspot user profile
add address-pool=dhcp_pool_public_hotspot advertise=no name=\
    "Premium Connections" open-status-page=always shared-users=2 \
    status-autorefresh=1m transparent-proxy=yes
/port
set 0 baud-rate=115200 data-bits=8 flow-control=none name=serial0 parity=none \
    stop-bits=1
set 1 baud-rate=115200 data-bits=8 flow-control=none name=serial1 parity=none \
    stop-bits=1
/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=\
    default use-encryption=default use-mpls=default use-vj-compression=\
    default
add change-tcp-mss=yes local-address=192.168.97.9 name="  VPN" only-one=\
    no use-compression=no use-encryption=yes use-mpls=no use-vj-compression=\
    no
add change-tcp-mss=yes local-address=192.168.101.201 name=profile1 only-one=\
    no use-compression=no use-encryption=yes use-mpls=no use-vj-compression=\
    no
set 3 change-tcp-mss=yes name=default-encryption only-one=default \
    use-compression=default use-encryption=yes use-mpls=default \
    use-vj-compression=default
/queue type
set 0 kind=pfifo name=default pfifo-limit=200
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
    red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=PCQ_down_40M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=40M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_40M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=40M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_2M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=2M pcq-src-address-mask=32 \
    pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_2M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=2M pcq-src-address-mask=32 \
    pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_5M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=1m pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=5M pcq-src-address-mask=32 \
    pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_5M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=1m pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=5M pcq-src-address-mask=32 \
    pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_30M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=35M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_30M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=35M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_100M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=100 pcq-rate=100M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_100M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=100 pcq-rate=100M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_50M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=50M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_50M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=50M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_400M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=500 pcq-rate=400M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_400M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=2G pcq-rate=400M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_20M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=20M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_20M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=20M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_150M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=200M pcq-rate=150M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_150M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=200M pcq-rate=150M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_125M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=125M pcq-rate=125M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_125M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=125M pcq-rate=125M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_200M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=200M pcq-rate=200M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_200M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=200M pcq-rate=200M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_60M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=60M pcq-rate=60M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_60M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=60M pcq-rate=60M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
set 29 kind=none name=only-hardware-queue
set 30 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 31 kind=pfifo name=default-small pfifo-limit=10
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=10M \
    max-limit=10M name=99-up packet-mark=VLAN99_up parent=global-in priority=\
    1 queue=PCQ_up_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=10M \
    max-limit=10M name=99-down packet-mark=VLAN99_down parent=global-out \
    priority=1 queue=PCQ_down_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=35M \
    max-limit=35M name=100-down packet-mark=VLAN100_down parent=global-out \
    priority=1 queue=PCQ_down_30M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=35M \
    max-limit=35M name=100-up packet-mark=VLAN100_up parent=global-in \
    priority=1 queue=PCQ_up_30M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
    max-limit=100M name=110-down packet-mark=VLAN110_down parent=global-out \
    priority=1 queue=PCQ_down_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
    max-limit=100M name=110-up packet-mark=VLAN110_up parent=global-in \
    priority=1 queue=PCQ_up_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
    max-limit=100M name=111-down packet-mark=VLAN111_down parent=global-out \
    priority=1 queue=PCQ_down_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
    max-limit=100M name=111-up packet-mark=VLAN111_up parent=global-in \
    priority=1 queue=PCQ_up_100M
add burst-limit=100M burst-threshold=0 burst-time=10s disabled=no limit-at=\
    100M max-limit=100M name=112-down packet-mark=VLAN112_down parent=\
    global-out priority=1 queue=PCQ_down_100M
add burst-limit=100M burst-threshold=0 burst-time=10s disabled=no limit-at=\
    100M max-limit=100M name=112-up packet-mark=VLAN112_up parent=global-in \
    priority=1 queue=PCQ_up_100M
add burst-limit=25M burst-threshold=0 burst-time=10s disabled=no limit-at=20M \
    max-limit=25M name=113-down packet-mark=VLAN113_down parent=global-out \
    priority=1 queue=PCQ_down_20M
add burst-limit=25M burst-threshold=0 burst-time=10s disabled=no limit-at=20M \
    max-limit=25M name=113-up packet-mark=VLAN113_up parent=global-in \
    priority=1 queue=PCQ_up_20M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=50M \
    max-limit=50M name=114-down packet-mark=VLAN114_down parent=global-out \
    priority=1 queue=PCQ_down_50M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=50M \
    max-limit=50M name=114-up packet-mark=VLAN114_up parent=global-in \
    priority=1 queue=PCQ_up_50M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=40M \
    max-limit=40M name=120-down packet-mark=VLAN120_down parent=global-out \
    priority=4 queue=PCQ_down_40M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=40M \
    max-limit=40M name=120-up packet-mark=VLAN120_up parent=global-in \
    priority=4 queue=PCQ_up_40M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=400M \
    max-limit=400M name=200-down packet-mark=VLAN200_down parent=global-out \
    priority=1 queue=PCQ_down_400M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=400M \
    max-limit=400M name=200-up packet-mark=VLAN200_up parent=global-in \
    priority=1 queue=PCQ_up_400M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=150M \
    max-limit=400M name=299-down packet-mark=VLAN299_down parent=global-out \
    priority=6 queue=PCQ_down_400M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=150M \
    max-limit=400M name=299-up packet-mark=VLAN299_up parent=global-in \
    priority=6 queue=PCQ_up_400M
add burst-limit=0 burst-threshold=0 burst-time=0s comment=\
    "   sg adm Uplink" disabled=no limit-at=30M max-limit=50M \
    name=ETH2-down packet-mark=ETH2_down parent=global-out priority=1 queue=\
    PCQ_down_50M
add burst-limit=0 burst-threshold=0 burst-time=0s comment=\
    "   sg adm Uplink" disabled=no limit-at=30M max-limit=50M \
    name=ETH2-up packet-mark=ETH2_up parent=global-in priority=1 queue=\
    PCQ_up_50M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=10M \
    max-limit=10M name=150-up packet-mark=VLAN150_up parent=global-in \
    priority=1 queue=PCQ_up_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=10M \
    max-limit=10M name=150-down packet-mark=VLAN150_down parent=global-out \
    priority=1 queue=PCQ_down_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=20M \
    max-limit=20M name=115-down packet-mark=VLAN115_down parent=global-out \
    priority=8 queue=PCQ_down_20M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=20M \
    max-limit=20M name=115-up packet-mark=VLAN115_up parent=global-in \
    priority=8 queue=PCQ_up_20M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=30M \
    max-limit=30M name=116-down packet-mark=VLAN116_down parent=global-out \
    priority=1 queue=PCQ_down_30M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=30M \
    max-limit=30M name=116-up packet-mark=VLAN116_up parent=global-in \
    priority=1 queue=PCQ_up_30M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
    max-limit=100M name=117-down packet-mark=VLAN117_down parent=global-out \
    priority=1 queue=PCQ_down_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
    max-limit=100M name=117-up packet-mark=VLAN117_up parent=global-in \
    priority=1 queue=PCQ_up_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=30M \
    max-limit=30M name=118-down packet-mark=VLAN118_down parent=global-out \
    priority=1 queue=PCQ_down_30M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=30M \
    max-limit=30M name=118-up packet-mark=VLAN118_up parent=global-in \
    priority=1 queue=PCQ_up_30M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=50M \
    max-limit=50M name=119-down packet-mark=VLAN119_down parent=global-out \
    priority=4 queue=PCQ_down_50M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=50M \
    max-limit=50M name=119-up packet-mark=VLAN119_up parent=global-in \
    priority=4 queue=PCQ_up_50M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=50M \
    max-limit=50M name=301-down packet-mark=VLAN301_down parent=global-out \
    priority=2 queue=PCQ_down_50M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=50M \
    max-limit=50M name=301-up packet-mark=VLAN301_up parent=global-in \
    priority=2 queue=PCQ_up_50M
add burst-limit=105M burst-threshold=0 burst-time=15s disabled=no limit-at=\
    100M max-limit=100M name=302-down packet-mark=VLAN302_down parent=\
    global-out priority=2 queue=PCQ_down_100M
add burst-limit=105M burst-threshold=0 burst-time=15s disabled=no limit-at=\
    100M max-limit=100M name=302-up packet-mark=VLAN302_up parent=global-in \
    priority=2 queue=PCQ_up_100M
add burst-limit=55M burst-threshold=0 burst-time=10s disabled=no limit-at=50M \
    max-limit=50M name=300-down packet-mark=VLAN300_down parent=global-out \
    priority=2 queue=PCQ_down_50M
add burst-limit=55M burst-threshold=0 burst-time=10s disabled=no limit-at=50M \
    max-limit=50M name=300-up packet-mark=VLAN300_up parent=global-in \
    priority=2 queue=PCQ_up_50M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=60M \
    max-limit=60M name=130-up packet-mark=VLAN130_up parent=global-in \
    priority=1 queue=PCQ_up_60M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=60M \
    max-limit=60M name=130-down packet-mark=VLAN130_down parent=global-out \
    priority=1 queue=PCQ_down_60M
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
    ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
    no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=\
    ospf-in metric-bgp=auto metric-connected=20 metric-default=1 \
    metric-other-ospf=auto metric-rip=20 metric-static=20 name=default \
    out-filter=ospf-out redistribute-bgp=no redistribute-connected=no \
    redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
    router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
    backbone type=default
/snmp community
set [ find default=yes ] address=0.0.0.0/0 authentication-protocol=MD5 \
    encryption-protocol=DES name=public read-access=yes security=none \
    write-access=no
/system logging action
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
    disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0 \
    syslog-facility=daemon syslog-severity=auto target=remote
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
    eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
    ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
    winbox,password,web,sniff,sensitive,api" skin=default
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=disabled
set 1 vlan-header=leave-as-is vlan-mode=disabled
set 2 vlan-header=leave-as-is vlan-mode=disabled
set 3 vlan-header=leave-as-is vlan-mode=disabled
set 4 vlan-header=leave-as-is vlan-mode=disabled
set 5 vlan-header=leave-as-is vlan-mode=disabled
set 6 vlan-header=leave-as-is vlan-mode=disabled
set 7 vlan-header=leave-as-is vlan-mode=disabled
set 8 vlan-header=leave-as-is vlan-mode=disabled
set 9 vlan-header=leave-as-is vlan-mode=disabled
set 10 vlan-header=leave-as-is vlan-mode=disabled
set 11 vlan-header=leave-as-is vlan-mode=disabled
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
    default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=FE:0D:2B:8C:22:D4 \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile="  VPN" enabled=yes \
    keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
    default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
    disabled port=443 verify-client-certificate=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.97.1/29 disabled=no interface=\
    "ether13 - Local Management Interface" network=192.168.97.0
add address=192.168.101.1/24 disabled=no interface="100 - ef" network=\
    192.168.101.0
add address=192.168.102.1/24 disabled=no interface="110 - LAN Connections" \
    network=192.168.102.0
add address=192.168.103.1/24 disabled=no interface="130 -   Ticketing" \
    network=192.168.103.0
add address=192.168.104.1/24 disabled=no interface="200 - EXPO Management" \
    network=192.168.104.0
add address=192.168.112.1/22 disabled=no interface="120 - Public Wifi" \
    network=192.168.112.0
add address=192.168.116.1/22 disabled=no interface="140 -" network=\
    192.168.116.0
add address=my.pub.ip.1/30 disabled=no interface=\
    "ether1 - Incoming FX Fibre" network=my.pub.ip.6
add address=10.1.10.254/24 disabled=no interface="ether8 - Server CSG" \
    network=10.1.10.0
add address=10.1.1.254/24 disabled=no interface=\
    "ether9 - XSYS Server XSYSLIVE" network=10.1.1.0
add address=192.168.106.1/24 disabled=no interface=\
    "150 - dw office" network=192.168.106.0
add address=192.168.98.1/24 disabled=no interface="098 - WLAN Management" \
    network=192.168.98.0
add address=192.168.99.1/24 disabled=no interface="099 - LAN Management" \
    network=192.168.99.0
add address=10.100.1.254/16 disabled=no interface="ether10 -   Server" \
    network=10.100.0.0
add address=192.168.97.17/29 disabled=no interface=\
    "ether2 -    sg adm" network=192.168.97.16
add address=192.168.105.1/24 disabled=no interface="ether4 - Spare" network=\
    192.168.105.0
add address=192.168.100.1/24 disabled=no interface="300 - WLAN Management" \
    network=192.168.100.0
add address=192.168.107.1/24 disabled=no interface=\
    "111 - A2017 -  " network=192.168.107.0
add address=192.168.108.1/24 disabled=no interface=\
    "112 - A2017 -  " network=192.168.108.0
add address=192.168.109.1/24 disabled=no interface="113 - A2017 -  " \
    network=192.168.109.0
add address=192.168.110.1/24 disabled=no interface="114 - A2017 -  " \
    network=192.168.110.0
add address=172.16.0.1/16 disabled=no interface="301 - WLAN Public WiFi" \
    network=172.16.0.0
add address=192.168.120.1/21 disabled=no interface="302 - WLAN Exhibitor" \
    network=192.168.120.0
add address=192.168.200.1/24 disabled=no interface=\
    "303 - WLAN Access Points" network=192.168.200.0
add address=192.168.96.1/24 disabled=no interface="97 -   Backup" \
    network=192.168.96.0
add address=192.168.89.1/24 disabled=no interface="118 - A2017 -  " \
    network=192.168.89.0
add address=192.168.90.1/24 disabled=no interface="117 - A2017 -  " network=\
    192.168.90.0
add address=192.168.88.1/24 disabled=no interface=\
    "115 - A2017 -  " network=192.168.88.0
add address=192.168.91.1/24 disabled=no interface="116 - A2017 -  " \
    network=192.168.91.0
add address=192.168.95.1/24 disabled=no interface="ether3 - spare" network=\
    192.168.95.0
/ip arp
add address=192.168.99.203 disabled=no interface="099 - LAN Management" \
    mac-address=A8:2B:B5:E3:5E:C0
add address=192.168.104.61 disabled=no interface="200 - EXPO Management" \
    mac-address=00:20:6B:60:FE:F2
add address=192.168.101.21 disabled=no interface="100 - ef" mac-address=\
    44:8A:5B:98:AB:1B
add address=192.168.200.40 disabled=no interface="303 - WLAN Access Points" \
    mac-address=30:05:5C:18:69:12
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server lease
add address=192.168.103.101 client-id=1:28:80:23:f8:3f:bf disabled=no \
    mac-address=28:80:23:F8:3F:BF server="  Ticketing"
add address=192.168.104.28 disabled=no mac-address=00:20:6B:66:41:04 server=\
    "EXPO management"
add address=192.168.103.71 disabled=no mac-address=B4:2C:BE:3A:EE:40 server=\
    "  Ticketing"
add address=192.168.103.72 disabled=no mac-address=B4:2C:BE:3A:ED:8F server=\
    "  Ticketing"
add address=192.168.103.73 disabled=no mac-address=B4:2C:BE:3A:ED:9A server=\
    "  Ticketing"
add address=192.168.103.75 disabled=no mac-address=B4:2C:BE:3A:ED:56 server=\
    "  Ticketing"
add address=192.168.103.76 disabled=no mac-address=B4:2C:BE:3A:EE:45 server=\
    "  Ticketing"
add address=192.168.101.20 client-id=1:0:15:94:c2:f6:d0 comment=\
    "Receipt Printer for Coffee" disabled=no mac-address=00:15:94:C2:F6:D0 \
    server=ef
/ip dhcp-server network
add address=172.16.0.0/16 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=172.16.0.1 ntp-server="" wins-server=""
add address=192.168.88.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.88.1 ntp-server="" wins-server=""
add address=192.168.89.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.89.1 ntp-server="" wins-server=""
add address=192.168.90.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.90.1 ntp-server="" wins-server=""
add address=192.168.91.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.91.1 ntp-server="" wins-server=""
add address=192.168.92.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.92.1 ntp-server="" wins-server=""
add address=192.168.93.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.93.1 ntp-server="" wins-server=""
add address=192.168.94.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.94.1 ntp-server="" wins-server=""
add address=192.168.95.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.95.1 ntp-server="" wins-server=""
add address=192.168.96.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.96.1 ntp-server="" wins-server=""
add address=192.168.97.0/29 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.97.1 ntp-server="" wins-server=""
add address=192.168.98.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.98.1 ntp-server="" wins-server=""
add address=192.168.99.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.99.1 ntp-server="" wins-server=""
add address=192.168.100.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.100.1 ntp-server="" wins-server=""
add address=192.168.101.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.101.1 ntp-server="" wins-server=""
add address=192.168.102.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.102.1 ntp-server="" wins-server=""
add address=192.168.103.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.103.1 ntp-server="" wins-server=""
add address=192.168.104.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.104.1 ntp-server="" wins-server=""
add address=192.168.105.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.105.1 ntp-server="" wins-server=""
add address=192.168.106.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.106.1 netmask=24 ntp-server="" wins-server=""
add address=192.168.107.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.107.1 ntp-server="" wins-server=""
add address=192.168.108.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.108.1 ntp-server="" wins-server=""
add address=192.168.109.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.109.1 ntp-server="" wins-server=""
add address=192.168.110.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.110.1 ntp-server="" wins-server=""
add address=192.168.111.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.111.1 ntp-server="" wins-server=""
add address=192.168.112.0/22 comment="hotspot network" dhcp-option="" \
    dns-server="" gateway=192.168.112.1 ntp-server="" wins-server=""
add address=192.168.113.0/24 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.113.1 ntp-server="" ns-server=""
add address=192.168.116.0/22 comment="hotspot network" dhcp-option="" \
    dns-server=my.pub.ip.2,8.8.8.8 gateway=192.168.116.1 ntp-server="" \
    ns-server=""
add address=192.168.120.0/21 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.120.1 ntp-server="" wins-server=""
add address=192.168.200.0/22 dhcp-option="" dns-server=my.pub.ip.2,8.8.8.8 \
    gateway=192.168.200.1 ntp-server="" wins-server=""
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=4096 servers=my.pub.ip.2,my.pub.ip.10,my.pub.ip.11
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=drop chain=input comment="*** START OF INPUT CHAIN ***       Drop i\
    nvalid packets coming into the router" connection-state=invalid disabled=\
    no
add action=drop chain=forward comment="*** START OF FORWARD CHAIN ***     Drop\
    \_invalid packets forwarding through the router" connection-state=invalid \
    disabled=no
add action=accept chain=input comment=\
    "Allow ICMP pings from all interfaces into the router" disabled=no \
    protocol=icmp
add action=accept chain=forward comment=\
    "Allow established connections forwarding through router" \
    connection-state=established disabled=no
add action=accept chain=forward comment=\
    "Allow related connections forwarding through the router" \
    connection-state=related disabled=no
add action=accept chain=input comment=\
    "Allow established connections into router" connection-state=established \
    disabled=no
add action=accept chain=input comment="Allow related connections into router" \
    connection-state=related disabled=no
add action=accept chain=forward comment=\
    "allow   backup network traffic out to the Internet" \
    connection-state=new disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.96.0/24
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.96.10 dst-port=21 protocol=tcp src-address=my.pub.ip.12
add action=accept chain=forward comment="FOR    sg OFFICE - DO NOT T\
    OUCH - allow all traffic to forward to this ip from public ip my.pub.ip.\
    5 via 1:1 NAT" disabled=no dst-address=192.168.97.18
add action=accept chain=input comment="FOR    sg OFFICE - DO NOT TOU\
    CH - allow all traffic to input for VPN access" disabled=no dst-address=\
    192.168.97.17
add action=accept chain=input comment="FOR    sg OFFICE - DO NOT TOU\
    CH - allow all traffic to input for VPN access" disabled=no src-address=\
    192.168.97.17
add action=accept chain=forward comment=\
    "FOR    sg OFFICE - DO NOT TOUCH" disabled=no src-address=\
    192.168.97.16/29
add action=accept chain=forward comment=\
    "17 rules for allowing traffic to pass to WLAN and other server " \
    connection-state=new disabled=no dst-address=192.168.100.254 dst-port=\
    12223 protocol=udp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=21 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=22 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=16384-65000 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=9443 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=9080 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=9997-9998 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=8111 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=8099-8100 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=8090 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=8443 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=8080 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=443 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=91 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=11443 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=161 protocol=udp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=123 protocol=udp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.253 dst-port=80 protocol=tcp
add action=accept chain=forward comment="Allow new connections from EXPO_Manag\
    ement VLAN\\subnet out to the internet" connection-state=new disabled=no \
    in-interface="200 - EXPO Management" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.104.0/24
add action=accept chain=forward comment="2 rules to allow the weird nat stuff \
    between vlan 303 and vlan 300 to work" disabled=no dst-address=\
    my.pub.ip.1 src-address=192.168.100.0
add action=accept chain=forward disabled=no dst-address=192.168.100.0 \
    src-address=my.pub.ip.1
add action=accept chain=forward comment="2 rules to allow the weird nat stuff \
    between vlan 117 and vlan 300 to work" disabled=no dst-address=\
    my.pub.ip.1 src-address=192.168.90.0
add action=accept chain=forward disabled=no dst-address=192.168.90.0 \
    src-address=my.pub.ip.1
add action=accept chain=input comment=\
    "2 rules to enable access for dns requests into the router" disabled=no \
    dst-port=53 in-interface="303 - WLAN Access Points" protocol=tcp \
    src-address=192.168.200.0/22
add action=accept chain=input disabled=no dst-port=53 in-interface=\
    "303 - WLAN Access Points" protocol=udp src-address=192.168.200.0/22
add action=accept chain=forward comment=\
    "2 rules to enable routing between vlan 303 and vlan 300" \
    connection-state=new disabled=no dst-address=192.168.100.0/24 \
    src-address=192.168.200.0/22
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.200.0/22 src-address=192.168.100.0/24
add action=accept chain=forward comment=\
    "2 rules to enable routing between vlan 99 and vlan 303" \
    connection-state=new disabled=no dst-address=192.168.200.0/22 \
    src-address=192.168.99.0/24
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.99.0/24 src-address=192.168.200.0/22
add action=accept chain=forward comment=\
    "2 rules to enable routing between vlan 99 and vlan 300" \
    connection-state=new disabled=no dst-address=192.168.99.0/24 src-address=\
    192.168.100.0/24
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.0/24 src-address=192.168.99.0/24
add action=accept chain=forward comment=\
    "2 rules to enable routing between   VPN and vlan 300" \
    connection-state=new disabled=no dst-address=192.168.97.0/24 src-address=\
    192.168.100.0/24
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.0/24 src-address=192.168.97.0/24
add action=accept chain=forward comment=\
    "2 rules to enable routing between VPN and vlan 130" \
    connection-state=new disabled=no dst-address=192.168.97.0/24 src-address=\
    192.168.103.0/24
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.103.0/24 src-address=192.168.97.0/24
add action=accept chain=forward comment=\
    "allow vlan 303 access to the Internet" connection-state=new disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.200.0/22
add action=accept chain=forward comment=\
    "allow vlan 303 access to the Internet" connection-state=new disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.200.0/22
add action=accept chain=forward comment="FOR WLAN WIFI" \
    disabled=no src-address=192.168.100.0/30
add action=accept chain=forward comment="allow new connections from WLAN Man\
    agement network out to the Internet" connection-state=new disabled=no \
    in-interface="300 - WLAN Management" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.100.0/24
add action=accept chain=forward comment=\
    "Allow traffic out to Internet from VLAN 119" connection-state=new \
    disabled=yes in-interface="ether3 - spare" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.95.0/24
add action=accept chain=input comment=\
    "Allow TCP DNS from VLAN 119 into router" connection-state=new disabled=\
    yes dst-port=53 in-interface="ether3 - spare" protocol=tcp src-address=\
    192.168.95.0/24
add action=accept chain=input comment=\
    "Allow UDP DNS from VLAN 119 into router" connection-state=new disabled=\
    yes dst-port=53 in-interface="ether3 - spare" protocol=udp src-address=\
    192.168.95.0/24
add action=accept chain=forward comment=\
    "Allow routing between the LAN management VLAN and VPN connections" \
    connection-state=new disabled=no dst-address=192.168.97.9-192.168.97.14 \
    in-interface="099 - LAN Management" src-address=192.168.99.0/24
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.99.0/24 src-address=192.168.97.9-192.168.97.14
add action=accept chain=forward comment=\
    "Allow VPN Clients to reach each other" connection-state=new disabled=no \
    dst-address=192.168.97.9-192.168.97.15 src-address=\
    192.168.97.9-192.168.97.15
add action=accept chain=input comment="Allow VPN connections into router" \
    disabled=no dst-address=my.pub.ip.1 dst-port=1723 in-interface=\
    "ether1 - Incoming FX Fibre" protocol=tcp
add action=accept chain=forward comment="Allow new connections from the Local \
    Management interface out to the Internet" disabled=no in-interface=\
    "ether13 - Local Management Interface" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.97.0/29
add action=accept chain=forward comment="Allow new connections from the WLAN M\
    anagement interface out to the Internet" connection-state=new disabled=no \
    in-interface="098 - WLAN Management" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.98.0/24
add action=accept chain=forward comment="Allow new connections from the LAN Ma\
    nagement interface out to the Internet" connection-state=new disabled=no \
    in-interface="099 - LAN Management" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.99.0/24
add action=accept chain=forward comment=\
    "Allow new connections from ef VLAN\\subnet out to the Internet" \
    connection-state=new disabled=no in-interface="100 - ef" \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.101.0/24
add action=accept chain=forward comment="Allow new connections from LAN_Connec\
    tions VLAN\\subnet out to the Internet" connection-state=new disabled=no \
    in-interface="110 - LAN Connections" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.102.0/24
add action=accept chain=forward comment="Allow new connections from   Ti\
    cketing VLAN\\subnet out to the Internet" connection-state=new disabled=\
    no in-interface="130 -   Ticketing" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.103.0/24
add action=accept chain=forward comment=\
    "Allow new connections from   VLAN\\subnet out to the internet" \
    connection-state=new disabled=yes in-interface=\
    "111 - A2017 -  " out-interface="ether1 - Incoming FX Fibre" \
    src-address=192.168.107.0/24
add action=accept chain=forward comment="Allow new connections from Total Inte\
    ractive VLAN\\subnet out to the internet" connection-state=new disabled=\
    yes in-interface="112 - A2017 -  " out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.108.0/24
add action=accept chain=forward comment=\
    "Allow new connections from   VLAN\\subnet out to the internet" \
    connection-state=new disabled=yes in-interface="113 - A2017 -  " \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.109.0/24
add action=accept chain=forward comment=\
    "Allow new connections from bp VLAN\\subnet out to the internet" \
    connection-state=new disabled=yes in-interface="114 - A2017 -  " \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.110.0/24
add action=accept chain=forward comment="Allow new connections from Beyond Rea\
    lity VLAN\\subnet out to the internet" connection-state=new disabled=yes \
    in-interface="115 - A2017 -  " out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.88.0/24
add action=accept chain=forward comment=\
    "Allow new connections from hl VLAN\\subnet out to the internet" \
    connection-state=new disabled=yes in-interface="116 - A2017 -  " \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.91.0/24
add action=accept chain=forward comment=\
    "Allow new connections from pbt VLAN\\subnet out to the internet" \
    connection-state=new disabled=yes in-interface="117 - A2017 -  " \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.90.0/24
add action=accept chain=forward comment=\
    "Allow new connections from aaaaaa VLAN\\subnet out to the internet" \
    connection-state=new disabled=yes in-interface="118 - A2017 -  " \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.89.0/24
add action=accept chain=forward comment=\
    "Allow new connections from aaaaaa VLAN\\subnet out to the internet" \
    connection-state=new disabled=no in-interface="ether3 - spare" \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.95.0/24
add action=accept chain=forward comment=\
    "Allow new connections from dw VLAN subnet out to the internet" \
    connection-state=new disabled=no in-interface="150 - dw office" \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.106.0/24
add action=accept chain=forward comment="Allow new connections from Premium_Wi\
    fi VLAN\\subnet out to the Internet" connection-state=new disabled=no \
    in-interface="301 - WLAN Public WiFi" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.116.0/22
add action=accept chain=forward comment=\
    "Allow traffic from VLAN 301 out to the Internet" connection-state=new \
    disabled=no in-interface="301 - WLAN Public WiFi" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=172.16.0.0/16
add action=accept chain=forward comment="Allow traffic from VLAN 301 to access\
    \_the vscg server and the other server on vlan 300" connection-state=new \
    disabled=no dst-address=192.168.100.253-192.168.100.254 in-interface=\
    "301 - WLAN Public WiFi" out-interface="300 - WLAN Management" \
    src-address=172.16.0.0/16
add action=accept chain=forward comment="return path for previous rule" \
    connection-state=new disabled=no dst-address=172.16.0.0/16 in-interface=\
    "300 - WLAN Management" out-interface="301 - WLAN Public WiFi" \
    src-address=192.168.100.253-192.168.100.254
add action=accept chain=forward comment=\
    "Allow traffic from VLAN 302 out to the Internet" connection-state=new \
    disabled=no in-interface="302 - WLAN Exhibitor" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.120.0/21
add action=accept chain=forward comment="Allow traffic from VPN to go back out\
    \_to the Internet or else my Internet is broken when connected to this pla\
    ce" connection-state=new disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.97.9-192.168.97.14
add action=accept chain=forward comment="allow routing between router local ma\
    nagement interface and WLAN management subnet" connection-state=new \
    disabled=no dst-address=192.168.98.0/24 in-interface=\
    "ether13 - Local Management Interface" out-interface=\
    "098 - WLAN Management" src-address=192.168.97.0/29
add action=accept chain=forward comment="allow routing between router local ma\
    nagement interface and LAN management subnet" connection-state=new \
    disabled=no dst-address=192.168.99.0/24 in-interface=\
    "ether13 - Local Management Interface" out-interface=\
    "099 - LAN Management" src-address=192.168.97.0/29
add action=accept chain=forward comment="allow routing between router local ma\
    nagement interface and WLAN management subnet" connection-state=new \
    disabled=no dst-address=192.168.97.0/29 in-interface=\
    "098 - WLAN Management" out-interface=\
    "ether13 - Local Management Interface" src-address=192.168.98.0/24
add action=accept chain=forward comment="allow routing between router local ma\
    nagement interface and LAN management subnet" connection-state=new \
    disabled=no dst-address=192.168.97.0/29 in-interface=\
    "099 - LAN Management" out-interface=\
    "ether13 - Local Management Interface" src-address=192.168.99.0/24
add action=accept chain=forward comment=\
    "allow routing between WLAN and LAN management subnets" connection-state=\
    new disabled=no dst-address=192.168.99.0/24 in-interface=\
    "098 - WLAN Management" out-interface="099 - LAN Management" src-address=\
    192.168.98.0/24
add action=accept chain=forward comment=\
    "allow routing between WLAN and LAN management subnets" connection-state=\
    new disabled=no dst-address=192.168.98.0/24 in-interface=\
    "099 - LAN Management" out-interface="098 - WLAN Management" src-address=\
    192.168.99.0/24
add action=accept chain=forward comment=\
    "Allow routing between VPN connections and WLAN management VLAN" \
    connection-state=new disabled=no dst-address=192.168.98.0/24 \
    out-interface="098 - WLAN Management" src-address=\
    192.168.97.9-192.168.97.14
add action=accept chain=forward comment=\
    "Allow routing between VPN connections and the LAN management VLAN" \
    connection-state=new disabled=no dst-address=192.168.99.0/24 \
    out-interface="099 - LAN Management" src-address=\
    192.168.97.9-192.168.97.14
add action=accept chain=forward comment=\
    "Allow routing between the WLAN management VLAN and VPN connections" \
    connection-state=new disabled=no dst-address=192.168.97.9-192.168.97.14 \
    in-interface="098 - WLAN Management" src-address=192.168.98.0/24
add action=accept chain=input comment=\
    "Allow VPN connections access to the internals of the router" \
    connection-state=new disabled=no src-address=192.168.97.8/29
add action=accept chain=input comment="Allow any traffic into router from LAN \
    management (subnet 192.168.99.0/24)" disabled=no in-interface=\
    "099 - LAN Management" src-address=192.168.99.0/24
add action=accept chain=input comment="Allow any traffic into router from loca\
    l management (subnet 192.168.97.0/24)" disabled=no in-interface=\
    "ether13 - Local Management Interface" src-address=192.168.97.0/29
add action=accept chain=input comment=\
    "Allow DNS traffic into router from WLAN management" disabled=no \
    dst-port=53 in-interface="098 - WLAN Management" protocol=tcp \
    src-address=192.168.98.0/24
add action=accept chain=input comment=\
    "Allow DNS traffic into router from WLAN management" disabled=no \
    dst-port=53 in-interface="098 - WLAN Management" protocol=udp \
    src-address=192.168.98.0/24
add action=accept chain=input comment=\
    "Allow DNS requests over UDP into router" disabled=no dst-port=53 \
    in-interface="150 - dw office" protocol=udp src-address=\
    192.168.3.0/24
add action=accept chain=input comment=\
    "Allow DNS requests over TCP into router" disabled=no dst-port=53 \
    in-interface="150 - dw office" protocol=tcp src-address=\
    192.168.3.0/24
add action=accept chain=input comment=\
    "Allow dns requests from ef VLAN (subnet 192.168.101.0/24)" disabled=\
    no dst-port=53 in-interface="100 - ef" protocol=tcp src-address=\
    192.168.101.0/24
add action=accept chain=input comment=\
    "Allow dns requests from ef VLAN (subnet 192.168.101.0/24)" disabled=\
    no dst-port=53 in-interface="100 - ef" protocol=udp src-address=\
    192.168.101.0/24
add action=accept chain=input comment=\
    "Allow dns requests from LAN_Connections VLAN (subnet 192.168.102.0/24)" \
    disabled=no dst-port=53 in-interface="110 - LAN Connections" protocol=tcp \
    src-address=192.168.102.0/24
add action=accept chain=input comment=\
    "Allow dns requests from LAN_Connections VLAN (subnet 192.168.102.0/24)" \
    disabled=no dst-port=53 in-interface="110 - LAN Connections" protocol=udp \
    src-address=192.168.102.0/24
add action=accept chain=input comment=\
    "Allow dns requests from Misc VLAN (subnet 192.168.103.0/24)" disabled=no \
    dst-port=53 in-interface="130 -   Ticketing" protocol=tcp \
    src-address=192.168.103.0/24
add action=accept chain=input comment=\
    "Allow dns requests from Misc VLAN (subnet 192.168.103.0/24)" disabled=no \
    dst-port=53 in-interface="130 -   Ticketing" protocol=udp \
    src-address=192.168.103.0/24
add action=accept chain=input comment=\
    "Allow dns requests from EXPO_Management VLAN (subnet 192.168.104.0/24)" \
    disabled=no dst-port=53 in-interface="200 - EXPO Management" protocol=tcp \
    src-address=192.168.104.0/24
add action=accept chain=input comment=\
    "Allow dns requests from EXPO_Management VLAN (subnet 192.168.104.0/24)" \
    disabled=no dst-port=53 in-interface="200 - EXPO Management" protocol=udp \
    src-address=192.168.104.0/24
add action=accept chain=input comment=\
    "Allow dns requests from PUBLIC_Wifi VLAN (subnet 192.168.112.0/22)" \
    disabled=no dst-port=53 in-interface="120 - Public Wifi" protocol=tcp \
    src-address=192.168.112.0/22
add action=accept chain=input comment=\
    "Allow dns requests from PUBLIC_Wifi VLAN (subnet 192.168.112.0/22)" \
    disabled=no dst-port=53 in-interface="120 - Public Wifi" protocol=udp \
    src-address=192.168.112.0/22
add action=accept chain=input comment=\
    "Accept HTTP requests on port 80 from public hotspot" disabled=yes \
    dst-port=80 in-interface="120 - Public Wifi" protocol=tcp src-address=\
    192.168.112.0/22
add action=accept chain=input comment=\
    "Allow HTTPS requests on port 443 from public hotspot" disabled=yes \
    dst-port=443 in-interface="120 - Public Wifi" protocol=tcp src-address=\
    192.168.112.0/22
add action=accept chain=input comment=\
    "Allow connections to proxy on port 3128 from public hotspot" disabled=\
    yes dst-port=3128 in-interface="120 - Public Wifi" protocol=tcp \
    src-address=192.168.112.0/22
add action=accept chain=input comment=\
    "Allow connections to a proxy on port 8080 from public hotspot" disabled=\
    yes dst-port=8080 in-interface="120 - Public Wifi" protocol=tcp \
    src-address=192.168.112.0/22
add action=accept chain=input comment=\
    "Allow SMTP traffic into router on port 25 from public hotspot" disabled=\
    yes dst-port=25 in-interface="120 - Public Wifi" protocol=tcp \
    src-address=192.168.112.0/22
add action=accept chain=input comment=\
    "Allow dns requests from Premium Wifi VLAN (subnet 192.168.116.0/22)" \
    disabled=yes dst-port=53 in-interface="140 -" protocol=udp src-address=\
    192.168.116.0/22
add action=accept chain=input comment=\
    "Allow dns requests from Premium Wifi VLAN (subnet 192.168.116.0/22)" \
    disabled=yes dst-port=53 in-interface="140 -" protocol=tcp src-address=\
    192.168.116.0/22
add action=accept chain=input comment=\
    "Accept HTTP requests on port 80 from private hotspot" disabled=yes \
    dst-port=80 in-interface="140 -" protocol=tcp src-address=\
    192.168.116.0/22
add action=accept chain=input comment=\
    "Allow HTTPS requests on port 443 from private hotspot" disabled=yes \
    dst-port=443 in-interface="140 -" protocol=tcp src-address=\
    192.168.116.0/22
add action=accept chain=input comment=\
    "Allow connections to proxy on port 3128 from private hotspot" disabled=\
    yes dst-port=3128 in-interface="140 -" protocol=tcp src-address=\
    192.168.116.0/22
add action=accept chain=input comment=\
    "Allow connections to a proxy on port 8080 from private hotspot" \
    disabled=yes dst-port=8080 in-interface="140 -" protocol=tcp src-address=\
    192.168.116.0/22
add action=accept chain=forward comment=\
    "ub Controller Port Forwarding Rules" connection-state=new \
    disabled=no dst-address=192.168.99.253 dst-port=8085 protocol=tcp
add action=accept chain=forward disabled=no dst-address=192.168.99.253 \
    dst-port=3478 in-interface="ether1 - Incoming FX Fibre" protocol=udp
add action=accept chain=forward comment=\
    "Allow   network to    sg" connection-state=new disabled=\
    no dst-address=192.168.96.10 dst-port=21 protocol=tcp src-address=\
    my.pub.ip.8
add action=accept chain=forward comment="HTTPS ON DIFFERENT PORT" \
    connection-state=new disabled=no dst-address=my.pub.ip.1 dst-port=\
    4443 protocol=tcp
add action=accept chain=forward comment=\
    "Intervlan routing between   stage and   OMEN" connection-state=new \
    disabled=yes dst-address=192.168.95.0/24 src-address=192.168.90.0/24
add action=accept chain=forward connection-state=new disabled=yes \
    dst-address=192.168.90.0/24 src-address=192.168.95.0/24
add action=accept chain=forward comment="SSL 4443 to our webserver" disabled=\
    no dst-address=192.168.100.253 dst-port=4443 protocol=tcp
add action=accept chain=forward comment="RDP access to webserver" disabled=\
    yes dst-address=192.168.100.253 dst-port=3389 protocol=tcp
add action=drop chain=input comment="*** END OF INPUT CHAIN ***           Drop\
    \_all other packets headed into the router" disabled=no
add action=drop chain=forward comment="*** END OF FORWARD CHAIN ***      Drop \
    any other packets trying to pass through the router" disabled=no
/ip firewall mangle
add action=mark-connection chain=prerouting comment=\
    "ETH2 - mark packets upload" disabled=no new-connection-mark=ETH2_conn_up \
    passthrough=yes src-address=192.168.97.16/29
add action=mark-packet chain=prerouting connection-mark=ETH2_conn_up \
    disabled=no new-packet-mark=ETH2_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "ETH2 - mark packets download" disabled=no dst-address=192.168.97.16/29 \
    new-connection-mark=ETH2_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=ETH2_conn_down \
    disabled=no new-packet-mark=ETH2_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "99 - mark packets upload" disabled=no new-connection-mark=VLAN99_conn_up \
    passthrough=yes src-address=192.168.99.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN99_conn_up \
    disabled=no new-packet-mark=VLAN99_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "99 - mark packets download" disabled=no dst-address=192.168.99.0/24 \
    new-connection-mark=VLAN99_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN99_conn_down \
    disabled=no new-packet-mark=VLAN99_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "100 - mark packets upload" disabled=no new-connection-mark=\
    VLAN100_conn_up passthrough=yes src-address=192.168.101.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN100_conn_up \
    disabled=no new-packet-mark=VLAN100_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "100 - mark packets download" disabled=no dst-address=192.168.101.0/24 \
    new-connection-mark=VLAN100_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN100_conn_down \
    disabled=no new-packet-mark=VLAN100_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "110 - mark packets upload" disabled=no new-connection-mark=\
    VLAN110_conn_up passthrough=yes src-address=192.168.102.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN110_conn_up \
    disabled=no new-packet-mark=VLAN110_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "110 - mark packets download" disabled=no dst-address=192.168.102.0/24 \
    new-connection-mark=VLAN110_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN110_conn_down \
    disabled=no new-packet-mark=VLAN110_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "111 - mark packets upload" disabled=no new-connection-mark=\
    VLAN111_conn_up passthrough=yes src-address=192.168.107.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN111_conn_up \
    disabled=no new-packet-mark=VLAN111_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "111 - mark packets download" disabled=no dst-address=192.168.107.0/24 \
    new-connection-mark=VLAN111_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN111_conn_down \
    disabled=no new-packet-mark=VLAN111_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "112 - mark packets upload" disabled=no new-connection-mark=\
    VLAN112_conn_up passthrough=yes src-address=192.168.108.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN112_conn_up \
    disabled=no new-packet-mark=VLAN112_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "112 - mark packets download" disabled=no dst-address=192.168.108.0/24 \
    new-connection-mark=VLAN112_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN112_conn_down \
    disabled=no new-packet-mark=VLAN112_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "113 - mark packets upload" disabled=no new-connection-mark=\
    VLAN113_conn_up passthrough=yes src-address=192.168.109.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN113_conn_up \
    disabled=no new-packet-mark=VLAN113_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "113 - mark packets download" disabled=no dst-address=192.168.109.0/24 \
    new-connection-mark=VLAN113_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN113_conn_down \
    disabled=no new-packet-mark=VLAN113_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "114 - mark packets upload" disabled=no new-connection-mark=\
    VLAN114_conn_up passthrough=yes src-address=192.168.110.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN114_conn_up \
    disabled=no new-packet-mark=VLAN114_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "114 - mark packets download" disabled=no dst-address=192.168.110.0/24 \
    new-connection-mark=VLAN114_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN114_conn_down \
    disabled=no new-packet-mark=VLAN114_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "115 - mark packets upload" disabled=no new-connection-mark=\
    VLAN115_conn_up passthrough=yes src-address=192.168.88.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN115_conn_up \
    disabled=no new-packet-mark=VLAN115_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "115 - mark packets download" disabled=no dst-address=192.168.88.0/24 \
    new-connection-mark=VLAN115_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN115_conn_down \
    disabled=no new-packet-mark=VLAN115_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "116 - mark packets upload" disabled=no new-connection-mark=\
    VLAN116_conn_up passthrough=yes src-address=192.168.91.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN116_conn_up \
    disabled=no new-packet-mark=VLAN116_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "116 - mark packets download" disabled=no dst-address=192.168.91.0/24 \
    new-connection-mark=VLAN116_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN116_conn_down \
    disabled=no new-packet-mark=VLAN116_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "117 - mark packets upload" disabled=no new-connection-mark=\
    VLAN117_conn_up passthrough=yes src-address=192.168.90.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN117_conn_up \
    disabled=no new-packet-mark=VLAN117_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "117 - mark packets download" disabled=no dst-address=192.168.90.0/24 \
    new-connection-mark=VLAN117_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN117_conn_down \
    disabled=no new-packet-mark=VLAN117_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "118 - mark packets upload" disabled=no new-connection-mark=\
    VLAN118_conn_up passthrough=yes src-address=192.168.89.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN118_conn_up \
    disabled=no new-packet-mark=VLAN118_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "118 - mark packets download" disabled=no dst-address=192.168.89.0/24 \
    new-connection-mark=VLAN118_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN118_conn_down \
    disabled=no new-packet-mark=VLAN118_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "119 - mark packets upload" disabled=no new-connection-mark=\
    VLAN119_conn_up passthrough=yes src-address=192.168.95.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN119_conn_up \
    disabled=no new-packet-mark=VLAN119_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "119 - mark packets download" disabled=no dst-address=192.168.95.0/24 \
    new-connection-mark=VLAN119_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN119_conn_down \
    disabled=no new-packet-mark=VLAN119_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "120 - mark packets upload" disabled=no new-connection-mark=\
    VLAN120_conn_up passthrough=yes src-address=192.168.112.0/22
add action=mark-packet chain=prerouting connection-mark=VLAN120_conn_up \
    disabled=no new-packet-mark=VLAN120_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "120 - mark packets download" disabled=no dst-address=192.168.112.0/22 \
    new-connection-mark=VLAN120_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN120_conn_down \
    disabled=no new-packet-mark=VLAN120_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "VLAN130 - mark upload packets" disabled=no new-connection-mark=\
    VLAN130_conn_up passthrough=yes src-address=192.168.103.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN130_conn_up \
    disabled=no new-packet-mark=VLAN130_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "vlan 130 - mark packets download" disabled=no dst-address=\
    192.168.103.0/24 new-connection-mark=VLAN130_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN130_conn_down \
    disabled=no new-packet-mark=VLAN130_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "200 - mark packets upload" disabled=no new-connection-mark=\
    VLAN200_conn_up passthrough=yes src-address=192.168.104.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN200_conn_up \
    disabled=no new-packet-mark=VLAN200_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "200 - mark packets download" disabled=no dst-address=192.168.104.0/24 \
    new-connection-mark=VLAN200_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN200_conn_down \
    disabled=no new-packet-mark=VLAN200_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "299 - mark packets upload" disabled=no new-connection-mark=\
    VLAN299_conn_up passthrough=yes src-address=192.168.100.2
add action=mark-packet chain=prerouting connection-mark=VLAN299_conn_up \
    disabled=no new-packet-mark=VLAN299_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "299 - mark packets download" disabled=no dst-address=192.168.100.2 \
    new-connection-mark=VLAN299_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN299_conn_down \
    disabled=no new-packet-mark=VLAN299_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "150 - mark packets upload" disabled=no new-connection-mark=\
    VLAN150_conn_up passthrough=yes src-address=192.168.106.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN150_conn_up \
    disabled=no new-packet-mark=VLAN150_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "150 - mark packets download" disabled=no dst-address=192.168.106.0/24 \
    new-connection-mark=VLAN150_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN150_conn_down \
    disabled=no new-packet-mark=VLAN150_down passthrough=no
add action=mark-connection chain=postrouting comment=\
    "301 - mark packets download" disabled=no dst-address=172.16.0.0/16 \
    new-connection-mark=VLAN301_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN301_conn_down \
    disabled=no new-packet-mark=VLAN301_down passthrough=no
add action=mark-connection chain=prerouting comment="301-mark packets up" \
    disabled=no new-connection-mark=VLAN301_conn_up passthrough=yes \
    src-address=172.16.0.0/16
add action=mark-packet chain=prerouting connection-mark=VLAN301_conn_up \
    disabled=no new-packet-mark=VLAN301_up passthrough=no
add action=mark-connection chain=prerouting comment="302 - mark packets up" \
    disabled=no new-connection-mark=VLAN302_conn_up passthrough=yes \
    src-address=192.168.120.0/21
add action=mark-packet chain=prerouting connection-mark=VLAN302_conn_up \
    disabled=no new-packet-mark=VLAN302_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "302 - mark packets down" disabled=no dst-address=192.168.120.0/21 \
    new-connection-mark=VLAN302_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN302_conn_down \
    disabled=no new-packet-mark=VLAN302_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "300 - marking upload packets" disabled=no new-connection-mark=\
    VLAN300_conn_up passthrough=yes src-address=192.168.100.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN300_conn_up \
    disabled=no new-packet-mark=VLAN300_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "300 - mark packets download" disabled=no dst-address=192.168.100.0/24 \
    new-connection-mark=VLAN300_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN300_conn_down \
    disabled=no new-packet-mark=VLAN300_down passthrough=no
/ip firewall nat
add action=dst-nat chain=dstnat comment=\
    "2 rules for   Backup server to use a different public IP" disabled=\
    no dst-address=my.pub.ip.3 dst-port=21 protocol=tcp to-addresses=\
    192.168.96.10 to-ports=21
add action=src-nat chain=srcnat disabled=no src-address=192.168.96.10 \
    to-addresses=my.pub.ip.3
add action=dst-nat chain=dstnat comment="17 rules for remote access points con\
    necting to vscg server and other server" disabled=no dst-address=\
    my.pub.ip.1 dst-port=123 protocol=udp to-addresses=192.168.100.254 \
    to-ports=123
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=12223 protocol=udp to-addresses=192.168.100.254 to-ports=12223
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=161 protocol=udp to-addresses=192.168.100.254 to-ports=161
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=21 protocol=tcp to-addresses=192.168.100.254 to-ports=21
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=22 protocol=tcp to-addresses=192.168.100.254 to-ports=22
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=16384-65000 protocol=tcp to-addresses=192.168.100.254 to-ports=\
    16384-65000
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=9443 protocol=tcp to-addresses=192.168.100.254 to-ports=9443
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=9080 protocol=tcp to-addresses=192.168.100.254 to-ports=9080
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=9997-9998 protocol=tcp to-addresses=192.168.100.254 to-ports=\
    9997-9998
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=8111 protocol=tcp to-addresses=192.168.100.254 to-ports=8111
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=8099-8100 protocol=tcp to-addresses=192.168.100.254 to-ports=\
    8099-8100
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=8090 protocol=tcp to-addresses=192.168.100.254 to-ports=8090
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=8443 protocol=tcp to-addresses=192.168.100.254 to-ports=8443
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=8080 protocol=tcp to-addresses=192.168.100.254 to-ports=8080
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=443 protocol=tcp to-addresses=192.168.100.254 to-ports=443
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=91 protocol=tcp to-addresses=192.168.100.254 to-ports=91
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=11443 protocol=tcp to-addresses=192.168.100.254 to-ports=11443
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.1 \
    dst-port=80 protocol=tcp to-addresses=192.168.100.253 to-ports=80
add action=dst-nat chain=dstnat comment="ub Controller" disabled=no \
    dst-port=8085 protocol=tcp to-addresses=192.168.99.253 to-ports=8085
add action=dst-nat chain=dstnat disabled=no dst-port=3478 in-interface=\
    "ether1 - Incoming FX Fibre" protocol=udp to-addresses=192.168.99.253 \
    to-ports=3478
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 protocol=tcp \
    to-addresses=192.168.100.253 to-ports=3389
add action=src-nat chain=srcnat comment=\
    "nat so the return path from vlan 300 to vlan 303 works right" disabled=\
    no dst-address=192.168.200.0/22 src-address=192.168.100.0/24 \
    to-addresses=my.pub.ip.1
add action=masquerade chain=srcnat comment=\
    "masquerade vlan 303 traffic headed for the Internet" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.200.0/22
add action=masquerade chain=srcnat comment=\
    "masquerade vlan 117 traffic headed for the Internet" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.90.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade vlan 117 traffic headed for the Internet" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.95.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade traffic from dw network headed for the Internet" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.106.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade traffic from dw network headed for the Internet" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.107.0/24
add action=netmap chain=dstnat comment=\
    "FOR   sg adm OFFICE - DO NOT TOUCH" disabled=no dst-address=\
    my.pub.ip.4 to-addresses=192.168.97.18
add action=netmap chain=srcnat comment=\
    "FOR    sg adm OFFICE - DO NOT TOUCH" disabled=no \
    src-address=192.168.97.18 to-addresses=my.pub.ip.4
add action=masquerade chain=srcnat comment=\
    "masquerade traffic from  SGC POS network headed for the Internet" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.105.0/24
add action=masquerade chain=srcnat comment="potentially redundant rule - was s\
    et up for   sg adm connection, went another route" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.97.16/29
add action=masquerade chain=srcnat comment=\
    "masquerade internet traffic from local management interface" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.97.0/29
add action=masquerade chain=srcnat comment=\
    "masquerade Internet traffic from VPN connections out to the Internet" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.97.9-192.168.97.14
add action=masquerade chain=srcnat comment=\
    "masquerade traffic from LAN Management interface" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.99.0/24
add action=masquerade chain=srcnat comment="masquerade ef network" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.101.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade LAN_Connections network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.102.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade   Ticketing network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.103.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade EXPO_Management network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.104.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 112 -   network" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.108.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 113 -   network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.109.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 114 - bp network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.110.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 115 -   network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade internet traffic from WLAN management interface" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.98.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 116 -  network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.91.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 117 -  network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.90.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 118 - aaaaaa network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.89.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 119 -   2 network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.95.0/24
add action=masquerade chain=srcnat comment="masquerade WLAN Public WiFi" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    172.16.0.0/16
add action=masquerade chain=srcnat comment="masquerade WLAN Exhibitor WiFi" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.120.0/21
add action=masquerade chain=srcnat comment=\
    "masquerade for WLAN Management network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.100.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.112.0/22
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.116.0/22
add action=masquerade chain=srcnat disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.96.0/24
add action=src-nat chain=srcnat comment="  Backup" disabled=no \
    src-address=192.168.96.10 to-addresses=my.pub.ip.8
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.8 \
    dst-port=21 protocol=tcp src-port="" to-addresses=192.168.96.10 to-ports=\
    21
add action=dst-nat chain=dstnat comment=\
    "WEB SERVER HTTPS USING DIFFERENT PORT" disabled=no dst-address=\
    my.pub.ip.1 dst-port=4443 protocol=tcp to-addresses=192.168.100.253 \
    to-ports=4443
add action=dst-nat chain=dstnat disabled=no dst-address=my.pub.ip.3 \
    dst-port=80 protocol=tcp to-addresses=192.168.100.253 to-ports=80
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add disabled=no name=adm profile=default
add comment=  disabled=no name=Steve profile="Staff Connections" server=\
    "  Hotspot"
add comment="   sg staff" disabled=no name=sh profile=\
    "Staff Connections" server="  Hotspot"
add comment="sl and Power, password = slp123" disabled=no name=Josh \
    profile="Staff Connections" server="  Hotspot"
add comment="sl and Power, password = slp123" disabled=no name=Jason \
    profile="Staff Connections" server="  Hotspot"
add comment="sl and Power, password = slp123" disabled=no name=Reuben \
    profile="Staff Connections" server="  Hotspot"
add disabled=no name=kt profile="Staff Connections" server="  Hotspot"
add disabled=yes name=user21 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user22 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user23 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user24 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user25 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user26 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user27 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user28 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user29 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user30 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user31 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user32 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user33 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user34 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user35 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user36 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user37 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user38 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user39 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user40 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user41 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user42 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user43 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user44 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user45 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user46 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user47 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user48 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user49 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user50 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user51 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user52 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user53 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user1 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user2 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user3 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user4 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user5 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user6 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user7 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user8 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user9 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user10 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user11 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user12 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user13 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user14 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user15 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user16 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user17 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user18 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user19 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user20 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user54 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user55 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user56 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user57 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user58 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user59 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user60 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user61 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user62 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user63 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user64 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user65 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user66 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user67 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user68 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user69 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user70 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user71 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user72 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user73 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user74 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user75 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user76 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user77 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user78 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user79 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user80 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user81 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user82 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user83 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user84 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user85 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user86 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user87 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user88 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user89 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user90 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=k profile="Staff Connections" server="  Hotspot"
add disabled=yes name=user91 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user92 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user93 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user94 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user95 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user96 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user97 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user98 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user99 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user100 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user101 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user102 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user103 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user104 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user105 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user106 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user107 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user108 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user109 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user110 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user111 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user112 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user113 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user114 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user115 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user116 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user117 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user118 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user119 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user120 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user121 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user122 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user123 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user124 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user125 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user126 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user127 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user128 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user129 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user130 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user131 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user132 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user133 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user134 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user135 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user136 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user137 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user138 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user139 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user140 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user141 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user142 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user143 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user144 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user145 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user146 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user147 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user148 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user149 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user150 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user151 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user152 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user153 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user154 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user155 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user156 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user157 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user158 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user159 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user160 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user161 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user162 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user163 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user164 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user165 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user166 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user167 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user168 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user169 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user170 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user171 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user172 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user173 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user174 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user175 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user176 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user177 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user178 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user179 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user180 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user181 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user182 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user183 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user184 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user185 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user186 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user187 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user188 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user189 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user190 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user191 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user192 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user193 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user194 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user195 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user196 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user197 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user198 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user199 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user200 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user201 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user202 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user203 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user204 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user205 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user206 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user207 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user208 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user209 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user210 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user211 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user212 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user213 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user214 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user215 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user216 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user217 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user218 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user219 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user220 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user221 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user222 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user223 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user224 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user225 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user226 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user227 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user228 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user229 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user230 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user231 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user232 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user233 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user234 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user235 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user236 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user237 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user238 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user239 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user240 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user241 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user242 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user243 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user244 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user245 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user246 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user247 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user248 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user249 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user250 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user251 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user252 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user253 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user254 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user255 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user256 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user257 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user258 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user259 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user260 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user261 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user262 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user263 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user264 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user265 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user266 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user267 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user268 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user269 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user270 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user271 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user272 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user273 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user274 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user275 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user276 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user277 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user278 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user279 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user280 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user281 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user282 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user283 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user284 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user285 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user286 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user287 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user288 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user289 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user290 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user291 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user292 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user293 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user294 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user295 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user296 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user297 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user298 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user299 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user300 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user301 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user302 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user303 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user304 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user305 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user306 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user307 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user308 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user309 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user310 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user311 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user312 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user313 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user314 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user315 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user316 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user317 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user318 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user319 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user320 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user321 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user322 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user323 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user324 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user325 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user326 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user327 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user328 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user329 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user330 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user331 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user332 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user333 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user334 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user335 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user336 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user337 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user338 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user339 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user340 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user341 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user342 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user343 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user344 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user345 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user346 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user347 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user348 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user349 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user350 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user351 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user352 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user353 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user354 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user355 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user356 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user357 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user358 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user359 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user360 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user361 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user362 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user363 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user364 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user365 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user366 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user367 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user368 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user369 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user370 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user371 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user372 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user373 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user374 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user375 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user376 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user377 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user378 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user379 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user380 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user381 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user382 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user383 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user384 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user385 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user386 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user387 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user388 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user389 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user390 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user391 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user392 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user393 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user394 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user395 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user396 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user397 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user398 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user399 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user400 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user401 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user402 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user403 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user404 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user405 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user406 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user407 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user408 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user409 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user410 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user411 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user412 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user413 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user414 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user415 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user416 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user417 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user418 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user419 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user420 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user421 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user422 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user423 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user424 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user425 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user427 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user428 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user429 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user430 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user431 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user432 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user433 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user434 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user426 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user435 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user436 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user437 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user438 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user439 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user440 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user441 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user442 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user443 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user444 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user445 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user446 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user447 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user448 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user449 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user450 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user451 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user452 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user453 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user454 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user455 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user456 profile=Events server="  Hotspot"
add disabled=yes name=user457 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user458 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user459 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user460 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user461 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user462 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user463 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user464 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user465 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user466 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user467 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user468 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user469 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user470 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user471 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user472 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user473 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user474 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user475 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user476 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user477 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user478 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user479 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user480 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user481 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user482 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user483 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user484 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user485 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user486 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user487 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user488 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user489 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user490 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user491 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user492 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user493 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user494 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user495 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user496 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user497 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user498 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user499 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user500 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user501 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user502 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user503 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user504 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user505 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user506 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user507 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user508 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user509 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user510 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user511 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user512 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user513 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user514 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user515 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user516 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user517 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user518 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user519 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user520 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user521 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user522 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user523 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user524 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user525 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user526 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user527 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user528 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user529 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user530 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user531 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user532 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user533 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user534 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user535 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user536 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user537 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user538 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user539 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user540 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user541 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user542 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user543 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user544 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user545 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user546 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user547 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user548 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user549 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user550 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user551 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user552 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user553 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user554 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user555 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user556 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user557 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user558 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user559 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user560 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user561 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user562 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user563 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user564 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user565 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user566 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user567 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user568 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user569 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user570 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user571 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user572 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user573 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user574 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user575 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=tsaichin2014 profile=Events server="  Hotspot"
add disabled=yes name=user576 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user577 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user578 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user579 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user580 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user581 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user582 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user583 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user584 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user585 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user586 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user587 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user588 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user589 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user590 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user591 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user592 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user593 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user594 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user595 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user596 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user597 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user598 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user599 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user600 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user601 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user602 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user603 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user604 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user605 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user606 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user607 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user608 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user609 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user610 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user611 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user612 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user613 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user614 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user615 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user616 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user617 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user618 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user619 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user620 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user621 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user622 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user623 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user624 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user625 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user626 profile=Events server="  Hotspot"
add disabled=yes name=user627 profile=Events server="  Hotspot"
add disabled=yes name=user628 profile=Events server="  Hotspot"
add disabled=yes name=user629 profile=Events server="  Hotspot"
add disabled=yes name=user630 profile=Events server="  Hotspot"
add disabled=yes name=user631 profile=Events server="  Hotspot"
add disabled=yes name=user632 profile=Events server="  Hotspot"
add disabled=yes name=user633 profile=Events server="  Hotspot"
add disabled=yes name=user634 profile=Events server="  Hotspot"
add disabled=yes name=user635 profile=Events server="  Hotspot"
add disabled=yes name=user636 profile=Events server="  Hotspot"
add disabled=yes name=user637 profile=Events server="  Hotspot"
add disabled=yes name=user638 profile=Events server="  Hotspot"
add disabled=yes name=user639 profile=Events server="  Hotspot"
add disabled=yes name=user640 profile=Events server="  Hotspot"
add disabled=yes name=user641 profile=Events server="  Hotspot"
add disabled=yes name=user642 profile=Events server="  Hotspot"
add disabled=yes name=user643 profile=Events server="  Hotspot"
add disabled=yes name=user644 profile=Events server="  Hotspot"
add disabled=yes name=user645 profile=Events server="  Hotspot"
add disabled=yes name=user646 profile=Events server="  Hotspot"
add disabled=yes name=user647 profile=Events server="  Hotspot"
add disabled=yes name=user648 profile=Events server="  Hotspot"
add disabled=yes name=user649 profile=Events server="  Hotspot"
add disabled=yes name=user650 profile=Events server="  Hotspot"
add disabled=yes name=user651 profile=Events server="  Hotspot"
add disabled=yes name=user652 profile=Events server="  Hotspot"
add disabled=yes name=user653 profile=Events server="  Hotspot"
add disabled=yes name=user654 profile=Events server="  Hotspot"
add disabled=yes name=user655 profile=Events server="  Hotspot"
add disabled=yes name=user656 profile=Events server="  Hotspot"
add disabled=yes name=user657 profile=Events server="  Hotspot"
add disabled=yes name=user658 profile=Events server="  Hotspot"
add disabled=yes name=user659 profile=Events server="  Hotspot"
add disabled=yes name=user660 profile=Events server="  Hotspot"
add disabled=yes name=user661 profile=Events server="  Hotspot"
add disabled=yes name=user662 profile=Events server="  Hotspot"
add disabled=yes name=user663 profile=Events server="  Hotspot"
add disabled=yes name=user664 profile=Events server="  Hotspot"
add disabled=yes name=user665 profile=Events server="  Hotspot"
add disabled=yes name=user666 profile=Events server="  Hotspot"
add disabled=yes name=user667 profile=Events server="  Hotspot"
add disabled=yes name=user668 profile=Events server="  Hotspot"
add disabled=yes name=user669 profile=Events server="  Hotspot"
add disabled=yes name=user670 profile=Events server="  Hotspot"
add disabled=yes name=user671 profile=Events server="  Hotspot"
add disabled=yes name=user672 profile=Events server="  Hotspot"
add disabled=yes name=user673 profile=Events server="  Hotspot"
add disabled=yes name=user674 profile=Events server="  Hotspot"
add disabled=yes name=user675 profile=Events server="  Hotspot"
add disabled=yes name=user676 profile=Events server="  Hotspot"
add disabled=yes name=user677 profile=Events server="  Hotspot"
add disabled=yes name=user678 profile=Events server="  Hotspot"
add disabled=yes name=user679 profile=Events server="  Hotspot"
add disabled=yes name=user680 profile=Events server="  Hotspot"
add disabled=yes name=user681 profile=Events server="  Hotspot"
add disabled=yes name=user682 profile=Events server="  Hotspot"
add disabled=yes name=user683 profile=Events server="  Hotspot"
add disabled=yes name=user684 profile=Events server="  Hotspot"
add disabled=yes name=user685 profile=Events server="  Hotspot"
add disabled=yes name=user686 profile=Events server="  Hotspot"
add disabled=yes name=user687 profile=Events server="  Hotspot"
add disabled=yes name=user688 profile=Events server="  Hotspot"
add disabled=yes name=user689 profile=Events server="  Hotspot"
add disabled=yes name=user690 profile=Events server="  Hotspot"
add disabled=yes name=user691 profile=Events server="  Hotspot"
add disabled=yes name=user692 profile=Events server="  Hotspot"
add disabled=yes name=user693 profile=Events server="  Hotspot"
add disabled=yes name=user694 profile=Events server="  Hotspot"
add disabled=yes name=user695 profile=Events server="  Hotspot"
add disabled=yes name=user696 profile=Events server="  Hotspot"
add disabled=yes name=user697 profile=Events server="  Hotspot"
add disabled=yes name=user698 profile=Events server="  Hotspot"
add disabled=yes name=user699 profile=Events server="  Hotspot"
add disabled=yes name=user700 profile=Events server="  Hotspot"
add disabled=yes name=Career profile="Multi User" server="Spare wifi hotspot"
add disabled=yes name=user701 profile=Events server="  Hotspot"
add disabled=yes name=user702 profile=Events server="  Hotspot"
add disabled=yes name=user703 profile=Events server="  Hotspot"
add disabled=yes name=user704 profile=Events server="  Hotspot"
add disabled=yes name=user705 profile=Events server="  Hotspot"
add disabled=yes name=user706 profile=Events server="  Hotspot"
add disabled=yes name=user707 profile=Events server="  Hotspot"
add disabled=yes name=user708 profile=Events server="  Hotspot"
add disabled=yes name=user709 profile=Events server="  Hotspot"
add disabled=yes name=user710 profile=Events server="  Hotspot"
add disabled=yes name=user711 profile=Events server="  Hotspot"
add disabled=yes name=user712 profile=Events server="  Hotspot"
add disabled=yes name=user713 profile=Events server="  Hotspot"
add disabled=yes name=user714 profile=Events server="  Hotspot"
add disabled=yes name=user715 profile=Events server="  Hotspot"
add disabled=yes name=user716 profile=Events server="  Hotspot"
add disabled=yes name=user717 profile=Events server="  Hotspot"
add disabled=yes name=user718 profile=Events server="  Hotspot"
add disabled=yes name=user719 profile=Events server="  Hotspot"
add disabled=yes name=user720 profile=Events server="  Hotspot"
add disabled=yes name=user721 profile=Events server="  Hotspot"
add disabled=yes name=user722 profile=Events server="  Hotspot"
add disabled=yes name=user723 profile=Events server="  Hotspot"
add disabled=yes name=user724 profile=Events server="  Hotspot"
add disabled=yes name=user725 profile=Events server="  Hotspot"
add disabled=yes name=user726 profile=Events server="  Hotspot"
add disabled=yes name=user727 profile=Events server="  Hotspot"
add disabled=yes name=user728 profile=Events server="  Hotspot"
add disabled=yes name=user729 profile=Events server="  Hotspot"
add disabled=yes name=user730 profile=Events server="  Hotspot"
add disabled=yes name=user731 profile=Events server="  Hotspot"
add disabled=yes name=user732 profile=Events server="  Hotspot"
add disabled=yes name=user733 profile=Events server="  Hotspot"
add disabled=yes name=user734 profile=Events server="  Hotspot"
add disabled=yes name=user735 profile=Events server="  Hotspot"
add disabled=yes name=user736 profile=Events server="  Hotspot"
add disabled=yes name=user737 profile=Events server="  Hotspot"
add disabled=yes name=user738 profile=Events server="  Hotspot"
add disabled=yes name=user739 profile=Events server="  Hotspot"
add disabled=yes name=user740 profile=Events server="  Hotspot"
add disabled=yes name=user741 profile=Events server="  Hotspot"
add disabled=yes name=user742 profile=Events server="  Hotspot"
add disabled=yes name=user743 profile=Events server="  Hotspot"
add disabled=yes name=user744 profile=Events server="  Hotspot"
add disabled=yes name=user745 profile=Events server="  Hotspot"
add disabled=yes name=user746 profile=Events server="  Hotspot"
add disabled=yes name=user747 profile=Events server="  Hotspot"
add disabled=yes name=user748 profile=Events server="  Hotspot"
add disabled=yes name=user749 profile=Events server="  Hotspot"
add disabled=yes name=user750 profile=Events server="  Hotspot"
add disabled=yes name=user751 profile=Events server="  Hotspot"
add disabled=yes name=user752 profile=Events server="  Hotspot"
add disabled=yes name=user753 profile=Events server="  Hotspot"
add disabled=yes name=user754 profile=Events server="  Hotspot"
add disabled=yes name=user755 profile=Events server="  Hotspot"
add disabled=yes name=user756 profile=Events server="  Hotspot"
add disabled=yes name=user757 profile=Events server="  Hotspot"
add disabled=yes name=user758 profile=Events server="  Hotspot"
add disabled=yes name=user759 profile=Events server="  Hotspot"
add disabled=yes name=user760 profile=Events server="  Hotspot"
add disabled=yes name=user761 profile=Events server="  Hotspot"
add disabled=yes name=user762 profile=Events server="  Hotspot"
add disabled=yes name=user763 profile=Events server="  Hotspot"
add disabled=yes name=user764 profile=Events server="  Hotspot"
add disabled=yes name=user765 profile=Events server="  Hotspot"
add disabled=yes name=user766 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user767 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user768 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user769 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user770 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user771 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user772 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user773 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user774 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user775 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user776 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user777 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user778 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user779 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user780 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user781 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user782 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user783 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user784 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user785 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=meetings profile="Multi User" server="  Hotspot"
add disabled=no name=keven profile="Staff Connections" server="  Hotspot"
add disabled=no name=ben profile="Staff Connections" server="  Hotspot"
add disabled=no name=jimmy profile="Staff Connections" server="  Hotspot"
add disabled=yes name=user786 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user787 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user788 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user789 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user790 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user791 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user792 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user793 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user794 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user795 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user796 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user797 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user798 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user799 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user800 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user801 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user802 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user803 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user804 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user805 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user806 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user807 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user808 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user809 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user810 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user811 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user812 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user813 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user814 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user815 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user816 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user817 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user818 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user819 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user820 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user821 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user822 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user823 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user824 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user825 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user826 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user827 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user828 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user829 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user830 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user831 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user832 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user833 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user834 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user835 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user836 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user837 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=Manie profile="Staff Connections" server=\
    "  Hotspot"
add disabled=no name=Dean profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user838 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user839 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user840 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user841 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user842 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user843 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user844 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user845 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user846 profile="Multi User" server="  Hotspot"
add disabled=yes name=user847 profile="Multi User" server="  Hotspot"
add disabled=yes name=user848 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user849 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user850 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user851 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user852 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user853 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user854 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user855 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user856 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user857 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user858 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user859 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user860 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user861 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user862 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user863 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user864 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user865 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user866 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user867 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user868 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user869 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user870 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user871 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user872 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user873 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user874 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user875 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user876 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user877 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user878 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user879 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user880 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user881 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user882 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user883 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user884 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user885 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user886 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user887 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user888 profile="Multi User" server="  Hotspot"
add disabled=no name=user889 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user890 profile="Multi User" server="  Hotspot"
add disabled=no name=user891 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user892 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user893 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user894 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user895 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user896 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user897 profile="Multi User" server="  Hotspot"
add disabled=no name=user898 profile="Multi User" server="  Hotspot"
add disabled=no name=user899 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user900 profile="Multi User" server="  Hotspot"
add disabled=no name=user901 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user902 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user903 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user904 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user905 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user906 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user907 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user908 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user909 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user910 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user911 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user912 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user913 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user914 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user915 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user916 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user917 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user918 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user919 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user920 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user921 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user922 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user923 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user924 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user925 profile="Multi User" server="  Hotspot"
add disabled=no name=user926 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user927 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user928 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user929 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user930 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user931 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user932 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user933 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user934 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user935 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user936 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user937 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user938 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user939 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user940 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user941 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user942 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user943 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user944 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user945 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user946 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user947 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user948 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user949 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user950 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user951 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user952 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user953 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user954 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user955 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user956 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user957 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user958 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user959 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user960 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user961 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user962 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user963 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user964 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user965 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user966 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user967 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user968 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user969 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user970 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user971 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user972 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user973 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user974 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user975 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user976 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user977 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user978 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user979 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user980 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user981 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user982 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user983 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user984 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user985 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user986 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user987 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=springgift profile="Multi User" server="  Hotspot"
add disabled=no name=krono1664 profile="Staff Connections" server=\
    "  Hotspot"
add disabled=no name=greg profile="Staff Connections" server="  Hotspot"
add disabled=yes name=homeshow profile="Multi User" server="  Hotspot"
add disabled=yes name=foodpack profile="Multi User" server="  Hotspot"
add disabled=yes name=flightexpo profile="Multi User" server="  Hotspot"
add disabled=yes name=fcexpo profile="Multi User" server="  Hotspot"
add disabled=yes name=Jehovah profile="Multi User" server="  Hotspot"
add disabled=no name=scee profile="Multi User" server="  Hotspot"
add disabled=no name=riot profile="Multi User" server="  Hotspot"
add disabled=yes name=LDS profile="Premium Connections" server=\
    "  Hotspot"
add comment="  Staff Connection" disabled=no name=mark profile=\
    "Staff Connections" server="  Hotspot"
add disabled=no name=user988 profile=default
add disabled=no name=driveelectric profile="Multi User" server=\
    "  Hotspot"
add disabled=no name=Events profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=iticket2 profile="Premium Connections" server=\
    "  Hotspot"
/ip hotspot walled-garden
add action=allow disabled=no dst-host=*. .co.nz dst-port=""
add action=allow comment="#1 Entry to allow free access to Apple App Store" \
    disabled=yes dst-host=itunes.apple.com dst-port=""
add action=allow comment="#2 Entry to allow free access to Apple App Store" \
    disabled=yes dst-host=ax.itunes.apple.com dst-port=""
add action=allow comment="#3 Entry to allow free access to Apple App Store" \
    disabled=yes dst-host=albert.apple.com dst-port=""
add action=allow comment="#4 Entry to allow free access to Apple App Store" \
    disabled=yes dst-host=gs.apple.com dst-port=""
add action=allow disabled=no dst-host=*.facebook.com dst-port=""
/ip neighbor discovery
set "ether12 - Spare" disabled=no
set "ether13 - Local Management Interface" disabled=no
set "ether1 - Incoming FX Fibre" disabled=no
set "ether2 -    sg adm" disabled=no
set "ether3 - spare" disabled=no
set "ether4 - Spare" disabled=no
set "ether5 - Link to LAN Core" disabled=no
set "ether6 - LACP1" disabled=no
set "ether7 - LACP1" disabled=no
set "ether8 - XSYS Server CSG" disabled=no
set "ether9 - XSYS Server XSYSLIVE" disabled=no
set "ether10 -   Server" disabled=no
set "ether11 - Spare" disabled=no
set "LACP1 - Core Link" disabled=yes
set "100 - ef" disabled=yes
set "110 - LAN Connections" disabled=yes
set "120 - Public Wifi" disabled=yes
set "130 -   Ticketing" disabled=yes
set "140 -" disabled=yes
set "200 - EXPO Management" disabled=yes
set "150 - dw office" disabled=yes
set "099 - LAN Management" disabled=yes
set "098 - WLAN Management" disabled=yes
set "050 -  SG Camera" disabled=yes
set "299 - WLAN WAN" disabled=yes
set "111 - A2017 -  " disabled=yes
set "112 - A2017 -  " disabled=yes
set "113 - A2017 -  " disabled=yes
set "114 - A2017 -  " disabled=yes
set "300 - WLAN Management" disabled=yes
set "301 - WLAN Public WiFi" disabled=yes
set "302 - WLAN Exhibitor" disabled=yes
set "303 - WLAN Access Points" disabled=yes
set "97 -   Backup" disabled=yes
set "304 - Event Organiser Wi-Fi" disabled=yes
set "115 - A2017 - " disabled=yes
set "116 - A2017 - " disabled=yes
set "117 - A2017 - " disabled=yes
set "118 - A2017 - " disabled=yes
set "119 - A2017 - VLAN 119 Test" disabled=yes
set "55 -   sg VoIP" disabled=yes
/ip proxy
set always-from-cache=no cache-admistrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
    600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
    0.0.0.0
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=my.pub.ip.5 \
    scope=30 target-scope=10
/ip service
set telnet address="" disabled=no port=23
set ftp address="" disabled=no port=21
set www address="" disabled=no port=80
set ssh address="" disabled=no port=22
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address="" disabled=no port=8291
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
    all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/pub disabled=no \
    max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
    lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
    use-explicit-null=no
/port firmware
set directory=firmware
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=LESDA \
    profile="  VPN" remote-address=192.168.97.10 routes="" service=pptp
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=396queen \
    profile="  VPN" remote-address=192.168.97.11 routes="" service=pptp
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=  \
    profile="  VPN" remote-address=192.168.97.12 routes="" service=pptp
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=ASL \
    profile="  VPN" remote-address=192.168.97.10 routes="" service=pptp
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=Dean \
    profile="  VPN" remote-address=192.168.97.10 routes="" service=pptp
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=Joy \
    profile="  VPN" remote-address=192.168.97.10 routes="" service=pptp
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=t \
    profile=profile1 remote-address=192.168.101.202 routes="" service=pptp
/queue interface
set "ether12 - Spare" queue=only-hardware-queue
set "ether13 - Local Management Interface" queue=only-hardware-queue
set "ether1 - Incoming FX Fibre" queue=only-hardware-queue
set "ether2 -    sg adm" queue=only-hardware-queue
set "ether3 - spare" queue=only-hardware-queue
set "ether4 - Spare" queue=only-hardware-queue
set "ether5 - Link to LAN Core" queue=only-hardware-queue
set "ether6 - LACP1" queue=only-hardware-queue
set "ether7 - LACP1" queue=only-hardware-queue
set "ether8 - XSYS Server CSG" queue=only-hardware-queue
set "ether9 - XSYS Server XSYSLIVE" queue=only-hardware-queue
set "ether10 -   Server" queue=only-hardware-queue
set "ether11 - Spare" queue=only-hardware-queue
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
    multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
    gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
    0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    routing-table=main timeout-timer=3m update-timer=30s
/snmp
set contact="" enabled=yes engine-id="" location="" trap-community=public \
    trap-generators="" trap-target="" trap-version=1
/system clock
set time-zone-name=Pacific/Auckland
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+00:00
/system console
set [ find port=serial0 ] disabled=no port=serial0 term=vt102
/system health
set fan-mode=auto use-fan=main
/system identity
set name=MikroTik
/system logging
set 0 action=memory disabled=yes prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=my.pub.ip.7 secondary-ntp=\
    my.pub.ip.7
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
set 4 cpu=auto
set 5 cpu=auto
set 6 cpu=auto
set 7 cpu=auto
set 8 cpu=auto
set 9 cpu=auto
set 10 cpu=auto
set 11 cpu=auto
/system resource irq rps
set "ether13 - Local Management Interface" disabled=no
set "ether1 - Incoming FX Fibre" disabled=yes
set "ether2 -    sg adm" disabled=yes
set "ether3 - spare" disabled=yes
set "ether4 - Spare" disabled=yes
set "ether5 - Link to LAN Core" disabled=yes
set "ether6 - LACP1" disabled=yes
set "ether7 - LACP1" disabled=yes
set "ether8 - XSYS Server CSG" disabled=yes
set "ether9 - XSYS Server XSYSLIVE" disabled=yes
set "ether10 -   Server" disabled=yes
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
    boot-protocol=bootp cpu-frequency=1066MHz enable-jumper-reset=yes \
    enter-setup-on=any-key force-backup-booter=no memory-data-rate=533DDR \
    silent-boot=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
    0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
    none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
    100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set [ find default=yes ] disabled=no interface=all
/tool mac-server mac-winbox
set [ find default=yes ] disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no
/tool sniffer
set file-limit=1000KiB file-name="" filter-ip-address="" filter-ip-protocol=\
    "" filter-mac-address="" filter-mac-protocol="" filter-port="" \
    filter-stream=yes interface=all memory-limit=100KiB memory-scroll=yes \
    only-headers=no streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/tool traffic-monitor
add disabled=no interface="ether1 - Incoming FX Fibre" name=tmon1 on-event="" \
    threshold=0 traffic=transmitted trigger=above
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s \
    use-radius=no


Re: Firewall Causing Low Throughput

Posted: Tue Jul 02, 2019 2:12 pm
by sindy
RouterOS 5.14? Are you serious? So many things have changed since 5.14... first, a lot of security issues have been addressed, second, there were some optimisations so current versions may perform better even without any change of the configuration, and third, some things now behave slightly differently so the analysis may be affected by that.

Anyway, there are significant issues in the configuration which do affect the throughput:
  • in /ip firewall mangle, almost everything is wrong. The whole idea of use of connection-mark is that you evaluate a complex set of match conditions necessary to classify the connection once, while handling the initial packet of the connection, and store the result in the form of the connection-mark, so subsequent packets belonging to the same connection can be identified as such by the connection-mark alone, so their matching to the firewall rules is faster. What the guy before you has configured is that the connection-mark gets overwritten by a new value by almost every packet, because he's setting a different connection-mark value for each direction of the same connection whereas only a single connection-mark value can be assigned to a connection at a time.

    So as the first step I'd rearrange the mangle rules the following way (showing on the first four rules):

    before:
    add action=mark-connection chain=prerouting comment="ETH2 - mark packets upload" disabled=no new-connection-mark=ETH2_conn_up passthrough=yes src-address=192.168.97.16/29
    add action=mark-packet chain=prerouting connection-mark=ETH2_conn_up disabled=no new-packet-mark=ETH2_up passthrough=no
    add action=mark-connection chain=postrouting comment="ETH2 - mark packets download" disabled=no dst-address=192.168.97.16/29 new-connection-mark=ETH2_conn_down passthrough=yes
    add action=mark-packet chain=postrouting connection-mark=ETH2_conn_down disabled=no new-packet-mark=ETH2_down passthrough=no
    add action=mark-connection chain=prerouting comment="99 - mark packets upload" disabled=no new-connection-mark=VLAN99_conn_up passthrough=yes src-address=192.168.99.0/24
    add action=mark-packet chain=prerouting connection-mark=VLAN99_conn_up disabled=no new-packet-mark=VLAN99_up passthrough=no
    add action=mark-connection chain=postrouting comment="99 - mark packets download" disabled=no dst-address=192.168.99.0/24 new-connection-mark=VLAN99_conn_down passthrough=yes
    add action=mark-packet chain=postrouting connection-mark=VLAN99_conn_down disabled=no new-packet-mark=VLAN99_down passthrough=no

    after:
    add action=jump chain=prerouting connection-mark=!no-mark jump-target=packet-marking comment="if a packet belongs to an already marked connection, go to packet marking straight ahead"
    
    add action=mark-connection chain=prerouting comment="ETH2 - mark packets on upload" disabled=no new-connection-mark=ETH2_conn passthrough=yes src-address=192.168.97.16/29
    add action=mark-connection chain=prerouting comment="99 - mark packets on upload" disabled=no new-connection-mark=VLAN99_conn passthrough=yes src-address=192.168.99.0/24
    
    add action=jump chain=prerouting jump-target=packet-marking comment="also initial packets which have created the connection-mark need to get a packet-mark"
    
    add chain=packet-marking action=jump jump-target=download-packet-marking in-interface="ether1 - Incoming FX Fibre" comment="use a separate chain for download packets"
    add action=mark-packet chain=packet-marking connection-mark=ETH2_conn disabled=no new-packet-mark=ETH2_up passthrough=no
    add action=mark-packet chain=packet-marking connection-mark=VLAN99_conn disabled=no new-packet-mark=ETH2_up passthrough=no
    
    add action=mark-packet chain=download-packet-marking connection-mark=ETH2_conn disabled=no new-packet-mark=ETH2_down passthrough=no
    add action=mark-packet chain=download-packet-marking connection-mark=VLAN99_conn disabled=no new-packet-mark=ETH2_down passthrough=no
    
    What we do above is that we only assign the connection-mark once to each connection, so we save the time necessary to do that for all packets except the 1st one of each connection, and that we reduce to 25% the number of rules an average packet has to pass - instead of four rules per queue pair, we use just one.

    When choosing a queue from the tree to be used, the packet-mark and the ultimate parent are used. Therefore, if your queues are parented in "global-in" and "global-out", you need an individual packet-mark for each direction. If you could rearrange the queues in such a way that each queue subtree would have the interface name as its parent, you would be able to use the same packet-mark for each direction, so a single packet marking chain for both directions would be sufficient. It's up to you which approach suits you best.
  • in /ip firewall filter, the rules action=drop connection-state=invalid should be placed after the action=accept connection-state=established in both chain=input and chain=forward. The packets matching connection-state=established do not match connection-state=invalid, so this swap of order changes nothing about the resulting handling of the packet, but changes a lot from the point of view of the load - the packets belonging to established connections will have to be checked by one rule less, which means 50% in this case. The effect of this change is negligible as compared to the point above, yet still worth mentioning.

Re: Firewall Causing Low Throughput

Posted: Tue Jul 02, 2019 11:58 pm
by Inigma
Wow, thanks heaps for looking through all that!
There's a lot to unpack there.

A few questions:
  1. Will changing the mangle rules, as you have stated, cause down time? i.e. should I be scheduling to do this outside of business hours?
  2. You've stated "It's up to you which approach suits you best". Do you mean I can do either the Mangle rule changes or the queue tree changes, or have I misunderstood?
  3. So with the queue tree, I should make the parent for VLAN 100 be the interface for VLAN 100 and VLAN 300 be the interface for VLAN 300 and so on, instead of the global in/out?
  4. I'm not too sure I understand this fully. Are you saying that the first two rules in the filter list should be placed right at the bottom of the list? After everything else has been checked?

Thanks for your help on this!

Re: Firewall Causing Low Throughput

Posted: Wed Jul 03, 2019 11:56 am
by sindy
  1. Will changing the mangle rules, as you have stated, cause down time? i.e. should I be scheduling to do this outside of business hours?
    It is always better to schedule large modifications outside business hours, however the existing mangle rules, if I haven't missed anything, are there solely to provide the packet marking for QoS. So the worst what can happen if you only touch the mangle rules and nothing else is that your QoS will get broken, not routing itself.
    In fact you can prepare all the new rules at the end of the prerouting chain in mangle, and then start removing the existing ones from the top in quadruples. The packets will not reach the new ones while the old ones are still in place, so doing that will not load the CPU more.
  2. You've stated "It's up to you which approach suits you best". Do you mean I can do either the Mangle rule changes or the queue tree changes, or have I misunderstood?
    You have to change mangle rules in either case. The choice left with you is whether you want to stay with global-in, global-out as the ultimate parents of all queue trees and use a distinct packet-mark for each direction (upload/download) for each connection-mark, or whether you redo the queue trees' ultimate parents to interfaces and use a single packet-mark for both upload and download for each connection-mark.
  3. So with the queue tree, I should make the parent for VLAN 100 be the interface for VLAN 100 and VLAN 300 be the interface for VLAN 300 and so on, instead of the global in/out?
    Should is too strong - you may if you choose this way. But if you make each LAN interface a parent of its own queue subtree, the bandwidth calculation in the downlink direction will become separate, which is probably not what you actually want. So you may use ether1 as parent for upload, and global-in (or global-out, I'm not sure here) as parent for download. This way, the download bandwidth limits will still be shared by all LAN interfaces, but download and upload will have different parents and thus it will be possible to use the same packet-mark for both directions.
  4. I'm not too sure I understand this fully. Are you saying that the first two rules in the filter list should be placed right at the bottom of the list? After everything else has been checked?
    No, I'm saying that the rule "accept established,related" should be the topmost one in each chain, and the rule "drop invalid" should be right below it, followed by all the rest.

Re: Firewall Causing Low Throughput

Posted: Wed Jul 17, 2019 1:57 am
by Inigma
Hi, sorry for the super late reply, I went on leave.

So, I went through what you have said and have made the following changes to mangle:
add action=jump chain=prerouting comment="If a packet already belongs to a marked connection, then go to packet marking." connection-mark=no-mark disabled=no jump-target=packet-marking
add action=mark-connection chain=prerouting comment="ETH2 - Mark packets on upload" disabled=no new-connection-mark=ETH2_conn passthrough=yes src-address=192.168.97.16/29
add action=mark-connection chain=prerouting comment="VLAN99 - Mark packets on upload" disabled=no new-connection-mark=VLAN99_conn passthrough=yes src-address=192.168.99.0/24
add action=mark-connection chain=prerouting comment="VLAN301 - Mark packets on upload" disabled=no new-connection-mark=VLAN301_conn passthrough=yes src-address=172.16.0.0/16
add action=jump chain=prerouting comment="initial packets that created the connection mark need to get a packet mark" disabled=no jump-target=packet-marking
add action=jump chain=packet-marking comment="use a separate chain for download packets" disabled=no in-interface="ether1 - Incoming FX Fibre" jump-target=download-packet-marking
add action=mark-packet chain=packet-marking connection-mark=ETH2_conn disabled=no new-packet-mark=ETH2_up_new passthrough=no
add action=mark-packet chain=packet-marking connection-mark=VLAN99_conn disabled=no new-packet-mark=99_up passthrough=no
add action=mark-packet chain=packet-marking connection-mark=VLAN301_conn disabled=no new-packet-mark=301_up passthrough=no
add action=mark-packet chain=download-packet-marking connection-mark=ETH2_conn disabled=no new-packet-mark=ETH2_down_new passthrough=no
add action=mark-packet chain=download-packet-marking connection-mark=VLAN99_conn disabled=no new-packet-mark=99_down passthrough=no
add action=mark-packet chain=download-packet-marking connection-mark=VLAN301_conn disabled=no new-packet-mark=301_down passthrough=no
I thought I'd start with just a few to make sure I understand this before doing a complete rehaul.
Now in your example, you had marked packets for both ETH2 and 99 as "ETH_up", I have changed that to ETH2_up_new, 99_up, 99_down, etc.
To my understanding this is so I can create bandwidth limitations for each of these if I need to, so I can limit vlan 99 to what ever I want and 301, etc.
The issue still stands, that I'm not getting what I expect.

I did a quick queue tree change to to encompass all of my bandwidth and give 99_up and down everything:
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=500M name="All Bandwidth" packet-mark="" parent=global-total priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Down packet-mark=99_down parent="All Bandwidth" priority=1 queue=PCQ-DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=UP packet-mark=99_up parent="All Bandwidth" priority=1 queue=PCQ-UP
Edit: forgot to add queue types
add kind=pcq name=PCQ-DOWN pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 /
pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ-UP pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 /
pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
It's weird on vlan99 I'm not getting above 100 down but I'm getting around 150 up.
I should expect 500 both ways with this config, shouldn't I?
This is right at the bottom of the queue tree, I can't seem to move it up, don't know if that makes any difference.
And all the other queues are there still too, but I don't see that making a difference, correct me if I'm wrong.

Re: Firewall Causing Low Throughput

Posted: Wed Jul 17, 2019 9:09 am
by sindy
have made the following changes to mangle:
add action=jump chain=prerouting comment="If a packet already belongs to a marked connection, then go to packet marking." connection-mark=no-mark disabled=no jump-target=packet-marking
First rule, first mistake which ruins the whole concept. It should have been
add action=jump chain=prerouting comment="If a packet already belongs to a marked connection, then go to packet marking." connection-mark=!no-mark disabled=no jump-target=packet-marking
- without that exclamation mark, you effectively say "don't ever connection-mark anything".

I thought I'd start with just a few to make sure I understand this before doing a complete rehaul.
That's a correct intention, but the outcome depends on how you handle packets with no packet-mark in the queue tree. If there is no queue matching packet-mark=no-mark, packets with no packet-mark are not queued so they get absolute priority. If there is a queue with the least priority for them, all is good (for the purpose of testing, that is). Or, alternatively, no limits for any of the queues are good too if you want to check just how the classification and enqueueing affects the overall throughput and can disconnect all the other traffic for the time of the test.

Now in your example, you had marked packets for both ETH2 and 99 as "ETH_up", I have changed that to ETH2_up_new, 99_up, 99_down, etc.
To my understanding this is so I can create bandwidth limitations for each of these if I need to, so I can limit vlan 99 to what ever I want and 301, etc.
Sorry, correct, copy-paste error on my side (insufficient edit after paste).

Edit: forgot to add queue types
add kind=pcq ...
I'm afraid this may be the actual key to the issue, as the PCQ effectively adds one more layer of classification, albeit an efficient one.

It's weird on vlan99 I'm not getting above 100 down but I'm getting around 150 up.
I should expect 500 both ways with this config, shouldn't I?
As said above, it depends on whether packets without any packet-mark can overtake by not being queued at all. If the connection-marking worked, I'd say that non-symmetry of the results suggests that they do, leaving a different amount of bandwidth for vlan99's queued packets in each direction, but that's not relevant until you fix the missing exclamation mark.

This is right at the bottom of the queue tree, I can't seem to move it up, don't know if that makes any difference.
And all the other queues are there still too, but I don't see that making a difference, correct me if I'm wrong.
None is an issue (except the total amount of queues as the packet marks have to be matched one by one), the order of queues in the tree should not be significant, they are chosen by packet-mark, not by order or mere existence.

Re: Firewall Causing Low Throughput

Posted: Wed Jul 17, 2019 10:15 am
by Inigma
Thanks so much for taking the time to get back to me!

First rule, first mistake which ruins the whole concept. It should have been
add action=jump chain=prerouting comment="If a packet already belongs to a marked connection, then go to packet marking." connection-mark=!no-mark disabled=no jump-target=packet-marking
- without that exclamation mark, you effectively say "don't ever connection-mark anything".
Okay, so that's the first thing I'll do tomorrow is change that and then I'll have a look and see if that affects it all and report back. It's sounding like it will.

If there is no queue matching packet-mark=no-mark, packets with no packet-mark are not queued so they get absolute priority.
I'm not 100% but I don't think that anything comes in without getting marked, even with the other person's set up.
Is there a way to know for sure?

I'm afraid this may be the actual key to the issue, as the PCQ effectively adds one more layer of classification, albeit an efficient one.
Could PCQ be slowing it down this much, to effectively half what our bandwidth should be?
Is there a better way to do this?

Re: Firewall Causing Low Throughput

Posted: Wed Jul 17, 2019 11:16 am
by sindy
If there is no queue matching packet-mark=no-mark, packets with no packet-mark are not queued so they get absolute priority.
I'm not 100% but I don't think that anything comes in without getting marked, even with the other person's set up.
Is there a way to know for sure?
From what you wrote I got a feeling that you have disabled all of the pre-existing mangle rules, put there those you've listed in your last but one post (for eth2 and the two VLANs), and the rest of the traffic thus remains untreated (no connection marks, no packet marks). If this is not the case and all the old mangle rules are still there, they keep slowing it all down just like they did before.

I'm afraid this may be the actual key to the issue, as the PCQ effectively adds one more layer of classification, albeit an efficient one.
Could PCQ be slowing it down this much, to effectively half what our bandwidth should be?
Sincerely, no idea. I don't have any practical experience with this combination of uplink bandwidth, traffic volume and amount of queues on this HW.

Is there a better way to do this?
None I'd be aware of, otherwise I'd have suggested it straight away ;)

Re: Firewall Causing Low Throughput

Posted: Thu Jul 18, 2019 11:12 pm
by Inigma
So, I've noticed that the number indicating bytes/packets aren't increasing all that much on first mangle rule "if a packet already belongs to a connection, then go straight to packet marking".
In fact in total, I have 4.3GiB on this rule vs 14.4Gib on Eth2 mark packets on upload alone.
If I create network traffic on vlan 99, I can see that there is a significant amount of traffic going through the "mark packets on upload", and then the "packet marking" and "download packet marking" for vlan 99.
This to me indicates that it's not jumping or do I misunderstand?

Note: I have changed the first rule to "!no-mark"

Re: Firewall Causing Low Throughput

Posted: Thu Jul 18, 2019 11:22 pm
by sindy
So, I've noticed that the number indicating bytes/packets aren't increasing all that much on first mangle rule "if a packet already belongs to a connection, then go straight to packet marking".
In fact in total, I have 4.3GiB on this rule vs 14.4Gib on Eth2 mark packets on upload alone.
That's definitely suspicious, as most packets should match this rule.

Can you post the complete current configuration (obfuscated of course)? And, stupid question, have you zeroed all the packet/byte counters after adding the ! to the first rule?

Re: Firewall Causing Low Throughput

Posted: Fri Jul 19, 2019 12:25 am
by Inigma
And, stupid question, have you zeroed all the packet/byte counters after adding the ! to the first rule?
Yeah, I had. I was watching the vlan 99 packets go up and up whilst the first rule had nothing going through it.

#
/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=yes full-duplex=yes l2mtu=\
    1600 mac-address=00:0C:42:9B:3F:46 mtu=1500 name="ether12 - Spare" speed=\
    100Mbps
set 1 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1600 \
    mac-address=00:0C:42:9B:3F:47 mtu=1500 name=\
    "ether13 - Local Management Interface" speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:3B \
    master-port=none mtu=1500 name="ether1 - Incoming FX Fibre" speed=1Gbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:3C \
    master-port=none mtu=1500 name="ether2 -     adam" speed=\
    100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:3D \
    master-port=none mtu=1500 name="ether3 - spare" speed=1Gbps
set 5 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:3E \
    master-port=none mtu=1500 name="ether4 - Spare" speed=100Mbps
set 6 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:3F \
    master-port=none mtu=1500 name="ether5 - Link to LAN Core" speed=1Gbps
set 7 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:40 \
    master-port=none mtu=1500 name="ether6 - LACP1" speed=100Mbps
set 8 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:41 \
    master-port=none mtu=1500 name="ether7 - LACP1" speed=100Mbps
set 9 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:42 \
    master-port=none mtu=1500 name="ether8 - XSYS Server CSG" speed=100Mbps
set 10 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:43 \
    master-port=none mtu=1500 name="ether9 - XSYS Server XSYSLIVE" speed=\
    100Mbps
set 11 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:9B:3F:44 \
    master-port=none mtu=1500 name="ether10 -   Server" speed=100Mbps
set 12 arp=enabled auto-negotiation=yes disabled=yes full-duplex=yes l2mtu=\
    1600 mac-address=00:0C:42:9B:3F:45 mtu=1500 name="ether11 - Spare" speed=\
    100Mbps
/interface vlan
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="100 -  " use-service-tag=no vlan-id=100
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="110 - LAN Connections" use-service-tag=no vlan-id=110
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="120 - Public Wifi" use-service-tag=no vlan-id=120
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="130 -   Ticketing" use-service-tag=no vlan-id=130
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="200 -   Management" use-service-tag=no vlan-id=200
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="150 -   office" use-service-tag=no vlan-id=150
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="099 - LAN Management" use-service-tag=no vlan-id=99
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="050 -  SG Camera" use-service-tag=no vlan-id=50
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="111 - A2017 -  " use-service-tag=no vlan-id=111
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="112 - A2017 -  ractive" use-service-tag=no \
    vlan-id=112
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="113 - A2017 -  " use-service-tag=no vlan-id=113
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="114 - A2017 -  " use-service-tag=no vlan-id=114
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="300 - wifi Management" use-service-tag=no vlan-id=300
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="301 - wifi Public WiFi" use-service-tag=no vlan-id=301
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="302 - wifi Exhibitor" use-service-tag=no vlan-id=302
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="303 - wifi Access Points" use-service-tag=no vlan-id=303
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="97 -   Backup" use-service-tag=no vlan-id=97
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="115 - A2017 -  " use-service-tag=no vlan-id=\
    115
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="116 - A2017 -  " use-service-tag=no vlan-id=116
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="117 - A2017 -  " use-service-tag=no vlan-id=117
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="118 - A2017 -  " use-service-tag=no vlan-id=118
add arp=enabled disabled=no interface="ether3 - spare" l2mtu=1594 mtu=1500 \
    name="119 - A2017 - VLAN 119 Test" use-service-tag=no vlan-id=119
add arp=enabled disabled=no interface="ether5 - Link to LAN Core" l2mtu=1594 \
    mtu=1500 name="55 -     VoIP" use-service-tag=no vlan-id=55
/interface bonding
add arp=enabled arp-interval=100ms arp-ip-targets="" disabled=no down-delay=\
    0ms lacp-rate=30secs link-monitoring=none mii-interval=100ms mode=802.3ad \
    mtu=1500 name="LACP1 - Core Link" primary=none slaves=\
    "ether6 - LACP1,ether7 - LACP1" transmit-hash-policy=layer-2 up-delay=0ms
/interface vlan
add arp=enabled disabled=no interface="LACP1 - Core Link" mtu=1500 name=\
    "140 -" use-service-tag=no vlan-id=140
add arp=enabled disabled=no interface="LACP1 - Core Link" mtu=1500 name=\
    "098 - WLAN Management" use-service-tag=no vlan-id=98
add arp=enabled disabled=no interface="LACP1 - Core Link" mtu=1500 name=\
    "299 - wifi WAN" use-service-tag=no vlan-id=299
add arp=enabled disabled=yes interface="LACP1 - Core Link" mtu=1500 name=\
    "304 - Event Organiser Wi-Fi" use-service-tag=no vlan-id=304
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch2
set 1 mirror-source=none mirror-target=none name=switch1
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
    hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
    cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \
    split-user-domain=no use-radius=no
add dns-name=publicwifi. .com hotspot-address=192.168.112.1 \
    html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 \
    login-by=cookie,http-pap name=hsprof1 rate-limit=60M/60M smtp-server=\
    pub.ip.10 split-user-domain=no use-radius=no
add dns-name=premwifi. .com hotspot-address=192.168.116.1 \
    html-directory=hotspot2 http-proxy=0.0.0.0:0 login-by=http-pap name=\
    hsprof2 rate-limit=10M/10M smtp-server=pub.ip.10 split-user-domain=no \
    use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default \
    shared-users=1 status-autorefresh=1m transparent-proxy=no
add advertise=no idle-timeout=4h name="Multi User" open-status-page=always \
    shared-users=15 status-autorefresh=1m transparent-proxy=yes
add advertise=no idle-timeout=none keepalive-timeout=2m name=\
    "Staff Connections" open-status-page=always shared-users=1 \
    status-autorefresh=1m transparent-proxy=yes
add keepalive-timeout=15m name=Events rate-limit=2M/2M shared-users=unlimited \
    status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=\
    aes-128 lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=dhcp_pool_  ranges=192.168.101.22-192.168.101.254
add name=dhcp_pool_LAN_Connections ranges=192.168.102.51-192.168.102.250
add name="  Ticketing subnet" ranges=192.168.103.101-192.168.103.200
add name=dhcp_pool_ _Management ranges=192.168.104.25-192.168.104.254
add name=dhcp_pool_public_hotspot ranges=192.168.112.2-192.168.115.254
add name=dhcp_pool_ _VPN ranges=192.168.97.10-192.168.97.14
add name=dhcp_pool_Private_Hotspot ranges=192.168.116.10-192.168.119.254
add name=dhcp_pool_Local_Management ranges=192.168.97.2-192.168.97.6
add name="WLAN management subnet" ranges=192.168.98.2-192.168.98.200
add name=dhcp_pool_LAN_Management ranges=192.168.99.2-192.168.99.200
add name=dhcp_pool2 ranges=192.168.92.51-192.168.92.254
add name=dhcp_pool3 ranges=192.168.93.51-192.168.93.254
add name=dhcp_pool4 ranges=192.168.94.51-192.168.94.254
add name="dhcp_pool_LAN_Connections 2" ranges=192.168.102.11-192.168.102.50
add name=dhcp_pool5 ranges=192.168.105.2-192.168.105.200
add name=  ranges=192.168.106.101-192.168.106.199
add name=dhcp_pool6 ranges=192.168.107.150-192.168.107.200
add name=dhcp_pool7 ranges=192.168.107.101-192.168.107.200
add name=dhcp_pool8 ranges=192.168.108.101-192.168.108.200
add name=dhcp_pool9 ranges=192.168.109.101-192.168.109.200
add name=dhcp_pool10 ranges=192.168.110.101-192.168.110.200
add name=dhcp_pool_wifi_Public_WiFi ranges=172.16.0.2-172.16.255.254
add name=dhcp_pool_wifiExhibitor ranges=192.168.120.2-192.168.127.254
add name=dhcp_pool_wifiAccessPoint ranges=192.168.200.2-192.168.201.254
add name=dhcp_pool12 ranges=192.168.96.200-192.168.96.254
add name=dhcp_pool20 ranges=192.168.91.51-192.168.91.200
add name=dhcp_pool21 ranges=192.168.90.51-192.168.90.200
add name=dhcp_pool22 ranges=192.168.89.51-192.168.89.200
add name=dhcp_pool23 ranges=192.168.88.51-192.168.88.200
add name=dhcp_pool25 ranges=192.168.96.51-192.168.96.199
add name=dhcp_pool24 ranges=192.168.95.51-192.168.95.200
add name=dhcp_pool27 ranges=192.168.113.51-192.168.113.200
add name=dhcp_pool26 ranges=192.168.111.51-192.168.111.200
add name=dhcp_pool_wifi_Management ranges=192.168.100.50-192.168.100.200
/ip dhcp-server
add address-pool=dhcp_pool_  authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="100 -  " lease-time=1d \
    name= 
add address-pool=dhcp_pool_LAN_Connections authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="110 - LAN Connections" \
    lease-time=4h name="LAN connections"
add address-pool="  Ticketing subnet" authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="130 -   Ticketing" \
    lease-time=1w name="  Ticketing"
add address-pool=dhcp_pool_ _Management authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="200 -   Management" \
    lease-time=1d name="  management"
add address-pool=dhcp_pool_public_hotspot authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="120 - Public Wifi" \
    lease-time=1h name="public hotspot"
add address-pool=dhcp_pool_Local_Management authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface=\
    "ether13 - Local Management Interface" lease-time=1h name=\
    "Local management interface"
add address-pool=dhcp_pool_Private_Hotspot authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="ether6 - LACP1" lease-time=1h \
    name="private hotspot"
add address-pool="WLAN management subnet" authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="098 - WLAN Management" \
    lease-time=1w name="WLAN management"
add address-pool=dhcp_pool_LAN_Management authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="099 - LAN Management" \
    lease-time=1d name="LAN management"
add address-pool=dhcp_pool5 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="ether12 - Spare" lease-time=1w name=\
    " SGC POS"
add address-pool=  authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="150 -   office" lease-time=3d \
    name= 
add address-pool=dhcp_pool7 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="111 - A2017 -  " lease-time=3d4h \
    name="A2017 -  "
add address-pool=dhcp_pool8 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="112 - A2017 -  ractive" \
    lease-time=3d4h name="A2017 -  ractive"
add address-pool=dhcp_pool9 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="113 - A2017 -  " lease-time=3d4h \
    name="A2017 -  "
add address-pool=dhcp_pool10 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="114 - A2017 -  " lease-time=3d4h \
    name="A2017 - MKTG"
add address-pool=dhcp_pool_wifi_Public_WiFi authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="301 - wifi Public WiFi" \
    lease-time=1d name="wifi Public WiFi"
add address-pool=dhcp_pool_wifiExhibitor authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="302 - wifi Exhibitor" \
    lease-time=1d name="wifi Exhibitor"
add address-pool=dhcp_pool_wifi_Management authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="300 - wifi Management" \
    lease-time=1w name="wifi Management"
add address-pool=dhcp_pool_wifiAccessPoint authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface="303 - wifi Access Points" \
    lease-time=1w name="wifi Access points"
add address-pool=dhcp_pool12 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="97 -   Backup" lease-time=1w name=\
    "  Backup Network"
add address-pool=dhcp_pool10 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="304 - Event Organiser Wi-Fi" lease-time=1w \
    name="  Organiser Wi-Fi"
add address-pool=dhcp_pool20 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="116 - A2017 -  " lease-time=3d name=\
    "A2017 -  "
add address-pool=dhcp_pool23 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="115 - A2017 -  " lease-time=3d \
    name="A2017 -  "
add address-pool=dhcp_pool21 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="117 - A2017 -  " lease-time=3d name=\
    "A2017 -  "
add address-pool=dhcp_pool24 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="119 - A2017 - VLAN 119 Test" lease-time=3d \
    name="A2017 -   VR"
add address-pool=dhcp_pool22 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="118 - A2017 -  " lease-time=3d name=\
    "A2017 -  "
add address-pool=dhcp_pool24 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface="ether3 - spare" lease-time=3d name=Ether3
/ip hotspot
add address-pool=dhcp_pool_public_hotspot addresses-per-mac=2 disabled=yes \
    idle-timeout=5m interface="120 - Public Wifi" keepalive-timeout=none \
    name="  Hotspot" profile=hsprof1
add address-pool=dhcp_pool_Private_Hotspot addresses-per-mac=2 disabled=yes \
    idle-timeout=5m interface="140 -" keepalive-timeout=none name=\
    "Spare wifi hotspot" profile=hsprof2
/ip hotspot user profile
add address-pool=dhcp_pool_public_hotspot advertise=no name=\
    "Premium Connections" open-status-page=always shared-users=2 \
    status-autorefresh=1m transparent-proxy=yes
/port
set 0 baud-rate=115200 data-bits=8 flow-control=none name=serial0 parity=none \
    stop-bits=1
set 1 baud-rate=115200 data-bits=8 flow-control=none name=serial1 parity=none \
    stop-bits=1
/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=\
    default use-encryption=default use-mpls=default use-vj-compression=\
    default
add change-tcp-mss=yes local-address=192.168.97.9 name="  VPN" only-one=\
    no use-compression=no use-encryption=yes use-mpls=no use-vj-compression=\
    no
add change-tcp-mss=yes local-address=192.168.101.201 name=profile1 only-one=\
    no use-compression=no use-encryption=yes use-mpls=no use-vj-compression=\
    no
set 3 change-tcp-mss=yes name=default-encryption only-one=default \
    use-compression=default use-encryption=yes use-mpls=default \
    use-vj-compression=default
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=500M name="All Bandwidth" packet-mark="" parent=global-total \
    priority=1
/queue type
set 0 kind=pfifo name=default pfifo-limit=200
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
    red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=PCQ_down_40M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=40M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_40M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=40M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_2M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=2M pcq-src-address-mask=32 \
    pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_2M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=2M pcq-src-address-mask=32 \
    pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_5M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=1m pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=5M pcq-src-address-mask=32 \
    pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_5M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=1m pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=5M pcq-src-address-mask=32 \
    pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_30M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=35M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_30M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=35M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_100M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=100 pcq-rate=100M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_100M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=100 pcq-rate=100M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_50M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=50M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_50M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=50M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_400M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=400M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_400M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=400M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_20M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=20M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_20M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=20M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_150M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=200M pcq-rate=150M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_150M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=200M pcq-rate=150M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_125M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=125M pcq-rate=125M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_125M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=125M pcq-rate=125M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_200M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=200M pcq-rate=200M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_200M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=200M pcq-rate=200M \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_down_60M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=60M pcq-rate=60M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ_up_60M pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=60M pcq-rate=60M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ-DOWN pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=500M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=PCQ-UP pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=500M pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=2000
set 31 kind=none name=only-hardware-queue
set 32 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 33 kind=pfifo name=default-small pfifo-limit=10
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=400M \
    max-limit=400M name=99-up packet-mark=99_up parent=global-in priority=1 \
    queue=PCQ_up_400M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=400M \
    max-limit=400M name=99-down packet-mark=99_down parent=global-out \
    priority=1 queue=PCQ_down_400M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=35M \
    max-limit=35M name=100-down packet-mark=VLAN100_down parent=global-out \
    priority=1 queue=PCQ_down_30M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=35M \
    max-limit=35M name=100-up packet-mark=VLAN100_up parent=global-in \
    priority=1 queue=PCQ_up_30M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
    max-limit=100M name=110-down packet-mark=VLAN110_down parent=global-out \
    priority=1 queue=PCQ_down_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M \
    max-limit=100M name=110-up packet-mark=VLAN110_up parent=global-in \
    priority=1 queue=PCQ_up_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=100M \
    max-limit=100M name=111-down packet-mark=VLAN111_down parent=global-out \
    priority=1 queue=PCQ_down_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=100M \
    max-limit=100M name=111-up packet-mark=VLAN111_up parent=global-in \
    priority=1 queue=PCQ_up_100M
add burst-limit=100M burst-threshold=0 burst-time=10s disabled=yes limit-at=\
    100M max-limit=100M name=112-down packet-mark=VLAN112_down parent=\
    global-out priority=1 queue=PCQ_down_100M
add burst-limit=100M burst-threshold=0 burst-time=10s disabled=yes limit-at=\
    100M max-limit=100M name=112-up packet-mark=VLAN112_up parent=global-in \
    priority=1 queue=PCQ_up_100M
add burst-limit=25M burst-threshold=0 burst-time=10s disabled=yes limit-at=\
    20M max-limit=25M name=113-down packet-mark=VLAN113_down parent=\
    global-out priority=1 queue=PCQ_down_20M
add burst-limit=25M burst-threshold=0 burst-time=10s disabled=yes limit-at=\
    20M max-limit=25M name=113-up packet-mark=VLAN113_up parent=global-in \
    priority=1 queue=PCQ_up_20M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=50M \
    max-limit=50M name=114-down packet-mark=VLAN114_down parent=global-out \
    priority=1 queue=PCQ_down_50M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=50M \
    max-limit=50M name=114-up packet-mark=VLAN114_up parent=global-in \
    priority=1 queue=PCQ_up_50M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=40M \
    max-limit=40M name=120-down packet-mark=VLAN120_down parent=global-out \
    priority=4 queue=PCQ_down_40M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=40M \
    max-limit=40M name=120-up packet-mark=VLAN120_up parent=global-in \
    priority=4 queue=PCQ_up_40M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=400M \
    max-limit=400M name=200-down packet-mark=VLAN200_down parent=global-out \
    priority=1 queue=PCQ_down_400M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=400M \
    max-limit=400M name=200-up packet-mark=VLAN200_up parent=global-in \
    priority=1 queue=PCQ_up_400M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=150M \
    max-limit=400M name=299-down packet-mark=VLAN299_down parent=global-out \
    priority=6 queue=PCQ_down_400M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=150M \
    max-limit=400M name=299-up packet-mark=VLAN299_up parent=global-in \
    priority=6 queue=PCQ_up_400M
add burst-limit=0 burst-threshold=0 burst-time=0s comment=\
    "    adam Uplink" disabled=no limit-at=30M max-limit=50M \
    name=ETH2-down packet-mark=ETH2_down parent=global-out priority=1 queue=\
    PCQ_down_50M
add burst-limit=0 burst-threshold=0 burst-time=0s comment=\
    "    adam Uplink" disabled=no limit-at=30M max-limit=50M \
    name=ETH2-up packet-mark=ETH2_up parent=global-in priority=1 queue=\
    PCQ_up_50M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=10M \
    max-limit=10M name=150-up packet-mark=VLAN150_up parent=global-in \
    priority=1 queue=PCQ_up_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=10M \
    max-limit=10M name=150-down packet-mark=VLAN150_down parent=global-out \
    priority=1 queue=PCQ_down_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=20M \
    max-limit=20M name=115-down packet-mark=VLAN115_down parent=global-out \
    priority=8 queue=PCQ_down_20M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=20M \
    max-limit=20M name=115-up packet-mark=VLAN115_up parent=global-in \
    priority=8 queue=PCQ_up_20M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=30M \
    max-limit=30M name=116-down packet-mark=VLAN116_down parent=global-out \
    priority=1 queue=PCQ_down_30M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=30M \
    max-limit=30M name=116-up packet-mark=VLAN116_up parent=global-in \
    priority=1 queue=PCQ_up_30M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=100M \
    max-limit=100M name=117-down packet-mark=VLAN117_down parent=global-out \
    priority=1 queue=PCQ_down_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=100M \
    max-limit=100M name=117-up packet-mark=VLAN117_up parent=global-in \
    priority=1 queue=PCQ_up_100M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=30M \
    max-limit=30M name=118-down packet-mark=VLAN118_down parent=global-out \
    priority=1 queue=PCQ_down_30M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=30M \
    max-limit=30M name=118-up packet-mark=VLAN118_up parent=global-in \
    priority=1 queue=PCQ_up_30M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=50M \
    max-limit=50M name=119-down packet-mark=VLAN119_down parent=global-out \
    priority=4 queue=PCQ_down_50M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=50M \
    max-limit=50M name=119-up packet-mark=VLAN119_up parent=global-in \
    priority=4 queue=PCQ_up_50M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=500M \
    max-limit=500M name=301-down packet-mark=301_down parent=global-out \
    priority=1 queue=PCQ-DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=500M \
    max-limit=500M name=301-up packet-mark=301_up parent=global-in priority=1 \
    queue=PCQ-UP
add burst-limit=205M burst-threshold=0 burst-time=15s disabled=no limit-at=\
    200M max-limit=200M name=302-down packet-mark=VLAN302_down parent=\
    global-out priority=2 queue=PCQ_down_200M
add burst-limit=205M burst-threshold=0 burst-time=15s disabled=no limit-at=\
    200M max-limit=200M name=302-up packet-mark=VLAN302_up parent=global-in \
    priority=2 queue=PCQ_up_200M
add burst-limit=55M burst-threshold=0 burst-time=10s disabled=no limit-at=50M \
    max-limit=50M name=300-down packet-mark=VLAN300_down parent=global-out \
    priority=2 queue=PCQ_down_50M
add burst-limit=55M burst-threshold=0 burst-time=10s disabled=no limit-at=50M \
    max-limit=50M name=300-up packet-mark=VLAN300_up parent=global-in \
    priority=2 queue=PCQ_up_50M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=60M \
    max-limit=60M name=130-up packet-mark=VLAN130_up parent=global-in \
    priority=1 queue=PCQ_up_60M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=60M \
    max-limit=60M name=130-down packet-mark=VLAN130_down parent=global-out \
    priority=1 queue=PCQ_down_60M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Down packet-mark=99_down parent="All Bandwidth" \
    priority=1 queue=PCQ-DOWN
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=UP packet-mark=99_up parent="All Bandwidth" priority=1 \
    queue=PCQ-UP
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
    ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
    no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=\
    ospf-in metric-bgp=auto metric-connected=20 metric-default=1 \
    metric-other-ospf=auto metric-rip=20 metric-static=20 name=default \
    out-filter=ospf-out redistribute-bgp=no redistribute-connected=no \
    redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
    router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
    backbone type=default
/snmp community
set [ find default=yes ] address=0.0.0.0/0 authentication-protocol=MD5 \
    encryption-protocol=DES name=public read-access=yes security=none \
    write-access=no
/system logging action
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
    disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0 \
    syslog-facility=daemon syslog-severity=auto target=remote
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
    eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
    ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
    winbox,password,web,sniff,sensitive,api" skin=default
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=disabled
set 1 vlan-header=leave-as-is vlan-mode=disabled
set 2 vlan-header=leave-as-is vlan-mode=disabled
set 3 vlan-header=leave-as-is vlan-mode=disabled
set 4 vlan-header=leave-as-is vlan-mode=disabled
set 5 vlan-header=leave-as-is vlan-mode=disabled
set 6 vlan-header=leave-as-is vlan-mode=disabled
set 7 vlan-header=leave-as-is vlan-mode=disabled
set 8 vlan-header=leave-as-is vlan-mode=disabled
set 9 vlan-header=leave-as-is vlan-mode=disabled
set 10 vlan-header=leave-as-is vlan-mode=disabled
set 11 vlan-header=leave-as-is vlan-mode=disabled
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
    default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=128,aes128 default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=FE:0D:2B:8C:22:D4 \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile="  VPN" enabled=yes \
    keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
    default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
    disabled port=443 verify-client-certificate=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.97.1/29 disabled=no interface=\
    "ether13 - Local Management Interface" network=192.168.97.0
add address=192.168.101.1/24 disabled=no interface="100 -  " network=\
    192.168.101.0
add address=192.168.102.1/24 disabled=no interface="110 - LAN Connections" \
    network=192.168.102.0
add address=192.168.103.1/24 disabled=no interface="130 -   Ticketing" \
    network=192.168.103.0
add address=192.168.104.1/24 disabled=no interface="200 -   Management" \
    network=192.168.104.0
add address=192.168.112.1/22 disabled=no interface="120 - Public Wifi" \
    network=192.168.112.0
add address=192.168.116.1/22 disabled=no interface="140 -" network=\
    192.168.116.0
add address=pub.ip.1/30 disabled=no interface=\
    "ether1 - Incoming FX Fibre" network=pub.ip.2
add address=10.1.10.254/24 disabled=no interface="ether8 - Server " \
    network=10.1.10.0
add address=10.1.1.254/24 disabled=no interface=\
    "ether9 - Server " network=10.1.1.0
add address=192.168.106.1/24 disabled=no interface=\
    "150 -   office" network=192.168.106.0
add address=192.168.98.1/24 disabled=no interface="098 - WLAN Management" \
    network=192.168.98.0
add address=192.168.99.1/24 disabled=no interface="099 - LAN Management" \
    network=192.168.99.0
add address=10.100.1.254/16 disabled=no interface="ether10 -   Server" \
    network=10.100.0.0
add address=192.168.97.17/29 disabled=no interface=\
    "ether2 -     adam" network=192.168.97.16
add address=192.168.105.1/24 disabled=no interface="ether4 - Spare" network=\
    192.168.105.0
add address=192.168.100.1/24 disabled=no interface="300 - wifi Management" \
    network=192.168.100.0
add address=192.168.107.1/24 disabled=no interface=\
    "111 - A2017 -  " network=192.168.107.0
add address=192.168.108.1/24 disabled=no interface=\
    "112 - A2017 -  ractive" network=192.168.108.0
add address=192.168.109.1/24 disabled=no interface="113 - A2017 -  " \
    network=192.168.109.0
add address=192.168.110.1/24 disabled=no interface="114 - A2017 -  " \
    network=192.168.110.0
add address=172.16.0.1/16 disabled=no interface="301 - wifi Public WiFi" \
    network=172.16.0.0
add address=192.168.120.1/21 disabled=no interface="302 - wifi Exhibitor" \
    network=192.168.120.0
add address=192.168.200.1/24 disabled=no interface=\
    "303 - wifi Access Points" network=192.168.200.0
add address=192.168.96.1/24 disabled=no interface="97 -   Backup" \
    network=192.168.96.0
add address=192.168.89.1/24 disabled=no interface="118 - A2017 -  " \
    network=192.168.89.0
add address=192.168.90.1/24 disabled=no interface="117 - A2017 -  " network=\
    192.168.90.0
add address=192.168.88.1/24 disabled=no interface=\
    "115 - A2017 -  " network=192.168.88.0
add address=192.168.91.1/24 disabled=no interface="116 - A2017 -  " \
    network=192.168.91.0
add address=192.168.95.1/24 disabled=no interface="ether3 - spare" network=\
    192.168.95.0
/ip arp
add address=192.168.99.203 disabled=no interface="099 - LAN Management" \
    mac-address=A8:2B:B5:E3:5E:C0
add address=192.168.104.61 disabled=no interface="200 -   Management" \
    mac-address=00:20:6B:60:FE:F2
add address=192.168.101.21 disabled=no interface="100 -  " mac-address=\
    44:8A:5B:98:AB:1B
add address=192.168.200.40 disabled=no interface="303 - wifi Access Points" \
    mac-address=30:05:5C:18:69:12
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server lease
add address=192.168.103.101 client-id=1:28:80:23:f8:3f:bf disabled=no \
    mac-address=28:80:23:F8:3F:BF server="  Ticketing"
add address=192.168.104.28 disabled=no mac-address=00:20:6B:66:41:04 server=\
    "  management"
add address=192.168.103.71 disabled=no mac-address=B4:2C:BE:3A:EE:40 server=\
    "  Ticketing"
add address=192.168.103.72 disabled=no mac-address=B4:2C:BE:3A:ED:8F server=\
    "  Ticketing"
add address=192.168.103.73 disabled=no mac-address=B4:2C:BE:3A:ED:9A server=\
    "  Ticketing"
add address=192.168.103.75 disabled=no mac-address=B4:2C:BE:3A:ED:56 server=\
    "  Ticketing"
add address=192.168.103.76 disabled=no mac-address=B4:2C:BE:3A:EE:45 server=\
    "  Ticketing"
add address=192.168.101.20 client-id=1:0:15:94:c2:f6:d0 comment=\
    "Receipt Printer for Coffee" disabled=no mac-address=00:15:94:C2:F6:D0 \
    server= 
/ip dhcp-server network
add address=172.16.0.0/16 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=172.16.0.1 ntp-server="" wins-server=""
add address=192.168.88.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.88.1 ntp-server="" wins-server=""
add address=192.168.89.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.89.1 ntp-server="" wins-server=""
add address=192.168.90.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.90.1 ntp-server="" wins-server=""
add address=192.168.91.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.91.1 ntp-server="" wins-server=""
add address=192.168.92.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.92.1 ntp-server="" wins-server=""
add address=192.168.93.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.93.1 ntp-server="" wins-server=""
add address=192.168.94.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.94.1 ntp-server="" wins-server=""
add address=192.168.95.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.95.1 ntp-server="" wins-server=""
add address=192.168.96.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.96.1 ntp-server="" wins-server=""
add address=192.168.97.0/29 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.97.1 ntp-server="" wins-server=""
add address=192.168.98.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.98.1 ntp-server="" wins-server=""
add address=192.168.99.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.99.1 ntp-server="" wins-server=""
add address=192.168.100.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.100.1 ntp-server="" wins-server=""
add address=192.168.101.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.101.1 ntp-server="" wins-server=""
add address=192.168.102.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.102.1 ntp-server="" wins-server=""
add address=192.168.103.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.103.1 ntp-server="" wins-server=""
add address=192.168.104.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.104.1 ntp-server="" wins-server=""
add address=192.168.105.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.105.1 ntp-server="" wins-server=""
add address=192.168.106.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.106.1 netmask=24 ntp-server="" wins-server=""
add address=192.168.107.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.107.1 ntp-server="" wins-server=""
add address=192.168.108.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.108.1 ntp-server="" wins-server=""
add address=192.168.109.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.109.1 ntp-server="" wins-server=""
add address=192.168.110.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.110.1 ntp-server="" wins-server=""
add address=192.168.111.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.111.1 ntp-server="" wins-server=""
add address=192.168.112.0/22 comment="hotspot network" dhcp-option="" \
    dns-server="" gateway=192.168.112.1 ntp-server="" wins-server=""
add address=192.168.113.0/24 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.113.1 ntp-server="" wins-server=""
add address=192.168.116.0/22 comment="hotspot network" dhcp-option="" \
    dns-server=pub.ip.3,8.8.8.8 gateway=192.168.116.1 ntp-server="" \
    wins-server=""
add address=192.168.120.0/21 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.120.1 ntp-server="" wins-server=""
add address=192.168.200.0/22 dhcp-option="" dns-server=pub.ip.3,8.8.8.8 \
    gateway=192.168.200.1 ntp-server="" wins-server=""
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=4096 servers=pub.ip.3,pub.ip.7,pub.ip.8
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=accept chain=input comment=\
    "**START OF INPUT CHAIN**   Allow established connections into router" \
    connection-state=established disabled=no
add action=drop chain=input comment=\
    "Drop invalid packets coming into the router" connection-state=invalid \
    disabled=no
add action=accept chain=forward comment="***START OF FORWARD CHAIN***  Allow e\
    stablished connections forwarding through router" connection-state=\
    established disabled=no
add action=drop chain=forward comment=\
    "Drop invalid packets forwarding through the router" connection-state=\
    invalid disabled=no
add action=accept chain=input comment=\
    "Allow ICMP pings from all interfaces into the router" disabled=no \
    protocol=icmp
add action=accept chain=forward comment=\
    "Allow related connections forwarding through the router" \
    connection-state=related disabled=no
add action=accept chain=input comment="Allow related connections into router" \
    connection-state=related disabled=no
add action=accept chain=forward comment=\
    "allow   backup network traffic out to the Internet" \
    connection-state=new disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.96.0/24
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.96.10 dst-port=21 protocol=tcp src-address=pub.ip.11
add action=accept chain=forward comment="FOR     OFFICE - DO NOT T\
    OUCH - allow all traffic to forward to this ip from public ip pub.ip.4 via 1:1 NAT" disabled=no dst-address=192.168.97.18
add action=accept chain=input comment="FOR     OFFICE - DO NOT TOU\
    CH - allow all traffic to input for VPN access" disabled=no dst-address=\
    192.168.97.17
add action=accept chain=input comment="FOR     OFFICE - DO NOT TOU\
    CH - allow all traffic to input for VPN access" disabled=no src-address=\
    192.168.97.17
add action=accept chain=forward comment=\
    "FOR     OFFICE - DO NOT TOUCH" disabled=no src-address=\
    192.168.97.16/29
add action=accept chain=forward comment=\
    "17 rules for allowing traffic to pass to wifi   and other server " \
    connection-state=new disabled=no dst-address=192.168.100.254 dst-port=\
    12223 protocol=udp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=21 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=22 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=16384-65000 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=9443 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=9080 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=9997-9998 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=8111 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=8099-8100 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=8090 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=8443 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=8080 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=443 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=91 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=11443 protocol=tcp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=161 protocol=udp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.254 dst-port=123 protocol=udp
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.253 dst-port=80 protocol=tcp
add action=accept chain=forward comment="Allow new connections from  _Manag\
    ement VLAN\\subnet out to the internet" connection-state=new disabled=no \
    in-interface="200 -   Management" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.104.0/24
add action=accept chain=forward comment="2 rules to allow the weird nat stuff \
    between vlan 303 and vlan 300 to work" disabled=no dst-address=\
    pub.ip.1 src-address=192.168.100.0
add action=accept chain=forward disabled=no dst-address=192.168.100.0 \
    src-address=pub.ip.1
add action=accept chain=forward comment="2 rules to allow the weird nat stuff \
    between vlan 117 and vlan 300 to work" disabled=no dst-address=\
    pub.ip.1 src-address=192.168.90.0
add action=accept chain=forward disabled=no dst-address=192.168.90.0 \
    src-address=pub.ip.1
add action=accept chain=input comment=\
    "2 rules to enable access for dns requests into the router" disabled=no \
    dst-port=53 in-interface="303 - wifi Access Points" protocol=tcp \
    src-address=192.168.200.0/22
add action=accept chain=input disabled=no dst-port=53 in-interface=\
    "303 - wifi Access Points" protocol=udp src-address=192.168.200.0/22
add action=accept chain=forward comment=\
    "2 rules to enable routing between vlan 303 and vlan 300" \
    connection-state=new disabled=no dst-address=192.168.100.0/24 \
    src-address=192.168.200.0/22
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.200.0/22 src-address=192.168.100.0/24
add action=accept chain=forward comment=\
    "2 rules to enable routing between vlan 99 and vlan 303" \
    connection-state=new disabled=no dst-address=192.168.200.0/22 \
    src-address=192.168.99.0/24
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.99.0/24 src-address=192.168.200.0/22
add action=accept chain=forward comment=\
    "2 rules to enable routing between vlan 99 and vlan 300" \
    connection-state=new disabled=no dst-address=192.168.99.0/24 src-address=\
    192.168.100.0/24
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.0/24 src-address=192.168.99.0/24
add action=accept chain=forward comment=\
    "2 rules to enable routing between   VPN and vlan 300" \
    connection-state=new disabled=no dst-address=192.168.97.0/24 src-address=\
    192.168.100.0/24
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.100.0/24 src-address=192.168.97.0/24
add action=accept chain=forward comment=\
    "2 rules to enable routing between ASL VPN and vlan 130" \
    connection-state=new disabled=no dst-address=192.168.97.0/24 src-address=\
    192.168.103.0/24
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.103.0/24 src-address=192.168.97.0/24
add action=accept chain=forward comment=\
    "allow vlan 303 access to the Internet" connection-state=new disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.200.0/22
add action=accept chain=forward comment=\
    "allow vlan 303 access to the Internet" connection-state=new disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.200.0/22
add action=accept chain=forward comment="FOR wifi WIFI AT   2014" \
    disabled=yes src-address=192.168.100.0/30
add action=accept chain=forward comment="allow new connections from wifi Man\
    agement network out to the Internet" connection-state=new disabled=no \
    in-interface="300 - wifi Management" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.100.0/24
add action=accept chain=forward comment=\
    "Allow traffic out to Internet from VLAN 119" connection-state=new \
    disabled=yes in-interface="ether3 - spare" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.95.0/24
add action=accept chain=input comment=\
    "Allow TCP DNS from VLAN 119 into router" connection-state=new disabled=\
    yes dst-port=53 in-interface="ether3 - spare" protocol=tcp src-address=\
    192.168.95.0/24
add action=accept chain=input comment=\
    "Allow UDP DNS from VLAN 119 into router" connection-state=new disabled=\
    yes dst-port=53 in-interface="ether3 - spare" protocol=udp src-address=\
    192.168.95.0/24
add action=accept chain=forward comment=\
    "Allow routing between the LAN management VLAN and VPN connections" \
    connection-state=new disabled=no dst-address=192.168.97.9-192.168.97.14 \
    in-interface="099 - LAN Management" src-address=192.168.99.0/24
add action=accept chain=forward connection-state=new disabled=no dst-address=\
    192.168.99.0/24 src-address=192.168.97.9-192.168.97.14
add action=accept chain=forward comment=\
    "Allow VPN Clients to reach each other" connection-state=new disabled=no \
    dst-address=192.168.97.9-192.168.97.15 src-address=\
    192.168.97.9-192.168.97.15
add action=accept chain=input comment="Allow VPN connections into router" \
    disabled=no dst-address=pub.ip.1 dst-port=1723 in-interface=\
    "ether1 - Incoming FX Fibre" protocol=tcp
add action=accept chain=forward comment="Allow new connections from the Local \
    Management interface out to the Internet" disabled=no in-interface=\
    "ether13 - Local Management Interface" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.97.0/29
add action=accept chain=forward comment="Allow new connections from the WLAN M\
    anagement interface out to the Internet" connection-state=new disabled=\
    yes in-interface="098 - WLAN Management" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.98.0/24
add action=accept chain=forward comment="Allow new connections from the LAN Ma\
    nagement interface out to the Internet" connection-state=new disabled=no \
    in-interface="099 - LAN Management" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.99.0/24
add action=accept chain=forward comment=\
    "Allow new connections from   VLAN\\subnet out to the Internet" \
    connection-state=new disabled=no in-interface="100 -  " \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.101.0/24
add action=accept chain=forward comment="Allow new connections from LAN_Connec\
    tions VLAN\\subnet out to the Internet" connection-state=new disabled=no \
    in-interface="110 - LAN Connections" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.102.0/24
add action=accept chain=forward comment="Allow new connections from   Ti\
    cketing VLAN\\subnet out to the Internet" connection-state=new disabled=\
    no in-interface="130 -   Ticketing" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.103.0/24
add action=accept chain=forward comment=\
    "Allow new connections from   VLAN\\subnet out to the internet" \
    connection-state=new disabled=yes in-interface=\
    "111 - A2017 -  " out-interface="ether1 - Incoming FX Fibre" \
    src-address=192.168.107.0/24
add action=accept chain=forward comment="Allow new connections from  \
    ractive VLAN\\subnet out to the internet" connection-state=new disabled=\
    yes in-interface="112 - A2017 -  ractive" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.108.0/24
add action=accept chain=forward comment=\
    "Allow new connections from   VLAN\\subnet out to the internet" \
    connection-state=new disabled=yes in-interface="113 - A2017 -  " \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.109.0/24
add action=accept chain=forward comment=\
    "Allow new connections from   VLAN\\subnet out to the internet" \
    connection-state=new disabled=yes in-interface="114 - A2017 -  " \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.110.0/24
add action=accept chain=forward comment="Allow new connections from Rea\
    lity VLAN\\subnet out to the internet" connection-state=new disabled=yes \
    in-interface="115 - A2017 -  " out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.88.0/24
add action=accept chain=forward comment=\
    "Allow new connections from   VLAN\\subnet out to the internet" \
    connection-state=new disabled=yes in-interface="116 - A2017 -  " \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.91.0/24
add action=accept chain=forward comment=\
    "Allow new connections from   VLAN\\subnet out to the internet" \
    connection-state=new disabled=yes in-interface="117 - A2017 -  " \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.90.0/24
add action=accept chain=forward comment=\
    "Allow new connections from  VLAN\\subnet out to the internet" \
    connection-state=new disabled=yes in-interface="118 - A2017 -  " \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.89.0/24
add action=accept chain=forward comment=\
    "Allow new connections from  VLAN\\subnet out to the internet" \
    connection-state=new disabled=yes in-interface="ether3 - spare" \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.95.0/24
add action=accept chain=forward comment=\
    "Allow new connections from   VLAN subnet out to the internet" \
    connection-state=new disabled=yes in-interface=\
    "150 -   office" out-interface="ether1 - Incoming FX Fibre" \
    src-address=192.168.106.0/24
add action=accept chain=forward comment="Allow new connections from Premium_Wi\
    fi VLAN\\subnet out to the Internet" connection-state=new disabled=yes \
    in-interface="301 - wifi Public WiFi" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.116.0/22
add action=accept chain=forward comment=\
    "Allow traffic from VLAN 301 out to the Internet" connection-state=new \
    disabled=no in-interface="301 - wifi Public WiFi" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=172.16.0.0/16
add action=accept chain=forward comment="Allow traffic from VLAN 301 to access\
    \_the   server and the other server on vlan 300" connection-state=new \
    disabled=no dst-address=192.168.100.253-192.168.100.254 in-interface=\
    "301 - wifi Public WiFi" out-interface="300 - wifi Management" \
    src-address=172.16.0.0/16
add action=accept chain=forward comment="return path for previous rule" \
    connection-state=new disabled=no dst-address=172.16.0.0/16 in-interface=\
    "300 - wifi Management" out-interface="301 - wifi Public WiFi" \
    src-address=192.168.100.253-192.168.100.254
add action=accept chain=forward comment=\
    "Allow traffic from VLAN 302 out to the Internet" connection-state=new \
    disabled=no in-interface="302 - wifi Exhibitor" out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.120.0/21
add action=accept chain=forward comment="Allow traffic from VPN to go back out\
    \_to the Internet or else my Internet is broken when connected to this pla\
    ce" connection-state=new disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.97.9-192.168.97.14
add action=accept chain=forward comment="allow routing between router local ma\
    nagement interface and WLAN management subnet" connection-state=new \
    disabled=yes dst-address=192.168.98.0/24 in-interface=\
    "ether13 - Local Management Interface" out-interface=\
    "098 - WLAN Management" src-address=192.168.97.0/29
add action=accept chain=forward comment="allow routing between router local ma\
    nagement interface and LAN management subnet" connection-state=new \
    disabled=no dst-address=192.168.99.0/24 in-interface=\
    "ether13 - Local Management Interface" out-interface=\
    "099 - LAN Management" src-address=192.168.97.0/29
add action=accept chain=forward comment="allow routing between router local ma\
    nagement interface and WLAN management subnet" connection-state=new \
    disabled=yes dst-address=192.168.97.0/29 in-interface=\
    "098 - WLAN Management" out-interface=\
    "ether13 - Local Management Interface" src-address=192.168.98.0/24
add action=accept chain=forward comment="allow routing between router local ma\
    nagement interface and LAN management subnet" connection-state=new \
    disabled=no dst-address=192.168.97.0/29 in-interface=\
    "099 - LAN Management" out-interface=\
    "ether13 - Local Management Interface" src-address=192.168.99.0/24
add action=accept chain=forward comment=\
    "allow routing between WLAN and LAN management subnets" connection-state=\
    new disabled=yes dst-address=192.168.99.0/24 in-interface=\
    "098 - WLAN Management" out-interface="099 - LAN Management" src-address=\
    192.168.98.0/24
add action=accept chain=forward comment=\
    "allow routing between WLAN and LAN management subnets" connection-state=\
    new disabled=yes dst-address=192.168.98.0/24 in-interface=\
    "099 - LAN Management" out-interface="098 - WLAN Management" src-address=\
    192.168.99.0/24
add action=accept chain=forward comment=\
    "Allow routing between VPN connections and WLAN management VLAN" \
    connection-state=new disabled=yes dst-address=192.168.98.0/24 \
    out-interface="098 - WLAN Management" src-address=\
    192.168.97.9-192.168.97.14
add action=accept chain=forward comment=\
    "Allow routing between VPN connections and the LAN management VLAN" \
    connection-state=new disabled=no dst-address=192.168.99.0/24 \
    out-interface="099 - LAN Management" src-address=\
    192.168.97.9-192.168.97.14
add action=accept chain=forward comment=\
    "Allow routing between the WLAN management VLAN and VPN connections" \
    connection-state=new disabled=yes dst-address=192.168.97.9-192.168.97.14 \
    in-interface="098 - WLAN Management" src-address=192.168.98.0/24
add action=accept chain=input comment=\
    "Allow VPN connections access to the internals of the router" \
    connection-state=new disabled=no src-address=192.168.97.8/29
add action=accept chain=input comment="Allow any traffic into router from LAN \
    management (subnet 192.168.99.0/24)" disabled=no in-interface=\
    "099 - LAN Management" src-address=192.168.99.0/24
add action=accept chain=input comment="Allow any traffic into router from loca\
    l management (subnet 192.168.97.0/24)" disabled=no in-interface=\
    "ether13 - Local Management Interface" src-address=192.168.97.0/29
add action=accept chain=input comment=\
    "Allow DNS traffic into router from WLAN management" disabled=yes \
    dst-port=53 in-interface="098 - WLAN Management" protocol=tcp \
    src-address=192.168.98.0/24
add action=accept chain=input comment=\
    "Allow DNS traffic into router from WLAN management" disabled=yes \
    dst-port=53 in-interface="098 - WLAN Management" protocol=udp \
    src-address=192.168.98.0/24
add action=accept chain=input comment=\
    "Allow DNS requests over UDP into router" disabled=yes dst-port=53 \
    in-interface="150 -   office" protocol=udp src-address=\
    192.168.3.0/24
add action=accept chain=input comment=\
    "Allow DNS requests over TCP into router" disabled=yes dst-port=53 \
    in-interface="150 -   office" protocol=tcp src-address=\
    192.168.3.0/24
add action=accept chain=input comment=\
    "Allow dns requests from   VLAN (subnet 192.168.101.0/24)" disabled=\
    no dst-port=53 in-interface="100 -  " protocol=tcp src-address=\
    192.168.101.0/24
add action=accept chain=input comment=\
    "Allow dns requests from   VLAN (subnet 192.168.101.0/24)" disabled=\
    no dst-port=53 in-interface="100 -  " protocol=udp src-address=\
    192.168.101.0/24
add action=accept chain=input comment=\
    "Allow dns requests from LAN_Connections VLAN (subnet 192.168.102.0/24)" \
    disabled=no dst-port=53 in-interface="110 - LAN Connections" protocol=tcp \
    src-address=192.168.102.0/24
add action=accept chain=input comment=\
    "Allow dns requests from LAN_Connections VLAN (subnet 192.168.102.0/24)" \
    disabled=no dst-port=53 in-interface="110 - LAN Connections" protocol=udp \
    src-address=192.168.102.0/24
add action=accept chain=input comment=\
    "Allow dns requests from Misc VLAN (subnet 192.168.103.0/24)" disabled=no \
    dst-port=53 in-interface="130 -   Ticketing" protocol=tcp \
    src-address=192.168.103.0/24
add action=accept chain=input comment=\
    "Allow dns requests from Misc VLAN (subnet 192.168.103.0/24)" disabled=no \
    dst-port=53 in-interface="130 -   Ticketing" protocol=udp \
    src-address=192.168.103.0/24
add action=accept chain=input comment=\
    "Allow dns requests from  _Management VLAN (subnet 192.168.104.0/24)" \
    disabled=no dst-port=53 in-interface="200 -   Management" protocol=tcp \
    src-address=192.168.104.0/24
add action=accept chain=input comment=\
    "Allow dns requests from  _Management VLAN (subnet 192.168.104.0/24)" \
    disabled=no dst-port=53 in-interface="200 -   Management" protocol=udp \
    src-address=192.168.104.0/24
add action=accept chain=input comment=\
    "Allow dns requests from PUBLIC_Wifi VLAN (subnet 192.168.112.0/22)" \
    disabled=no dst-port=53 in-interface="120 - Public Wifi" protocol=tcp \
    src-address=192.168.112.0/22
add action=accept chain=input comment=\
    "Allow dns requests from PUBLIC_Wifi VLAN (subnet 192.168.112.0/22)" \
    disabled=no dst-port=53 in-interface="120 - Public Wifi" protocol=udp \
    src-address=192.168.112.0/22
add action=accept chain=input comment=\
    "Accept HTTP requests on port 80 from public hotspot" disabled=yes \
    dst-port=80 in-interface="120 - Public Wifi" protocol=tcp src-address=\
    192.168.112.0/22
add action=accept chain=input comment=\
    "Allow HTTPS requests on port 443 from public hotspot" disabled=yes \
    dst-port=443 in-interface="120 - Public Wifi" protocol=tcp src-address=\
    192.168.112.0/22
add action=accept chain=input comment=\
    "Allow connections to proxy on port 3128 from public hotspot" disabled=\
    yes dst-port=3128 in-interface="120 - Public Wifi" protocol=tcp \
    src-address=192.168.112.0/22
add action=accept chain=input comment=\
    "Allow connections to a proxy on port 8080 from public hotspot" disabled=\
    yes dst-port=8080 in-interface="120 - Public Wifi" protocol=tcp \
    src-address=192.168.112.0/22
add action=accept chain=input comment=\
    "Allow SMTP traffic into router on port 25 from public hotspot" disabled=\
    yes dst-port=25 in-interface="120 - Public Wifi" protocol=tcp \
    src-address=192.168.112.0/22
add action=accept chain=input comment=\
    "Allow dns requests from Premium Wifi VLAN (subnet 192.168.116.0/22)" \
    disabled=yes dst-port=53 in-interface="140 -" protocol=udp src-address=\
    192.168.116.0/22
add action=accept chain=input comment=\
    "Allow dns requests from Premium Wifi VLAN (subnet 192.168.116.0/22)" \
    disabled=yes dst-port=53 in-interface="140 -" protocol=tcp src-address=\
    192.168.116.0/22
add action=accept chain=input comment=\
    "Accept HTTP requests on port 80 from private hotspot" disabled=yes \
    dst-port=80 in-interface="140 -" protocol=tcp src-address=\
    192.168.116.0/22
add action=accept chain=input comment=\
    "Allow HTTPS requests on port 443 from private hotspot" disabled=yes \
    dst-port=443 in-interface="140 -" protocol=tcp src-address=\
    192.168.116.0/22
add action=accept chain=input comment=\
    "Allow connections to proxy on port 3128 from private hotspot" disabled=\
    yes dst-port=3128 in-interface="140 -" protocol=tcp src-address=\
    192.168.116.0/22
add action=accept chain=input comment=\
    "Allow connections to a proxy on port 8080 from private hotspot" \
    disabled=yes dst-port=8080 in-interface="140 -" protocol=tcp src-address=\
    192.168.116.0/22
add action=accept chain=forward comment=\
    "Ubiquiti Controller Port Forwarding Rules" connection-state=new \
    disabled=no dst-address=192.168.99.253 dst-port=8085 protocol=tcp
add action=accept chain=forward disabled=no dst-address=192.168.99.253 \
    dst-port=3478 in-interface="ether1 - Incoming FX Fibre" protocol=udp
add action=accept chain=forward comment=\
    "Allow   network to    " connection-state=new disabled=\
    no dst-address=192.168.96.10 dst-port=21 protocol=tcp src-address=\
    pub.ip.9
add action=accept chain=forward comment="HTTPS ON DIFFERENT PORT" \
    connection-state=new disabled=no dst-address=pub.ip.1 dst-port=\
    4443 protocol=tcp
add action=accept chain=forward comment=\
    "Intervlan routing between   stage and    " connection-state=new \
    disabled=yes dst-address=192.168.95.0/24 src-address=192.168.90.0/24
add action=accept chain=forward connection-state=new disabled=yes \
    dst-address=192.168.90.0/24 src-address=192.168.95.0/24
add action=accept chain=forward comment="SSL 4443 to our webserver" disabled=\
    no dst-address=192.168.100.253 dst-port=4443 protocol=tcp
add action=accept chain=forward comment="RDP access to webserver" disabled=\
    yes dst-address=192.168.100.253 dst-port=3389 protocol=tcp
add action=drop chain=input comment="*** END OF INPUT CHAIN ***           Drop\
    \_all other packets headed into the router" disabled=no
add action=drop chain=forward comment="*** END OF FORWARD CHAIN ***      Drop \
    any other packets trying to pass through the router" disabled=no
/ip firewall mangle
add action=jump chain=prerouting comment="If a packet already belongs to a mar\
    ked connection, then go to packet marking." connection-mark=!no-mark \
    disabled=no jump-target=packet-marking
add action=mark-connection chain=prerouting comment=\
    "ETH2 - Mark packets on upload" disabled=no new-connection-mark=ETH2_conn \
    passthrough=yes src-address=192.168.97.16/29
add action=mark-connection chain=prerouting comment=\
    "VLAN99 - Mark packets on upload" disabled=no new-connection-mark=\
    VLAN99_conn passthrough=yes src-address=192.168.99.0/24
add action=mark-connection chain=prerouting comment=\
    "VLAN301 - Mark packets on upload" disabled=no new-connection-mark=\
    VLAN301_conn passthrough=yes src-address=172.16.0.0/16
add action=jump chain=prerouting comment="initial packets that created the con\
    nection mark need to get a packet mark" disabled=no jump-target=\
    packet-marking
add action=jump chain=packet-marking comment=\
    "use a separate chain for download packets" disabled=no in-interface=\
    "ether1 - Incoming FX Fibre" jump-target=download-packet-marking
add action=mark-packet chain=packet-marking connection-mark=ETH2_conn \
    disabled=no new-packet-mark=ETH2_up_new passthrough=no
add action=mark-packet chain=packet-marking connection-mark=VLAN99_conn \
    disabled=no new-packet-mark=99_up passthrough=no
add action=mark-packet chain=packet-marking connection-mark=VLAN301_conn \
    disabled=no new-packet-mark=301_up passthrough=no
add action=mark-packet chain=download-packet-marking connection-mark=\
    ETH2_conn disabled=no new-packet-mark=ETH2_down_new passthrough=no
add action=mark-packet chain=download-packet-marking connection-mark=\
    VLAN99_conn disabled=no new-packet-mark=99_down passthrough=no
add action=mark-packet chain=download-packet-marking connection-mark=\
    VLAN301_conn disabled=no new-packet-mark=301_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "ETH2 - mark packets upload" disabled=no new-connection-mark=ETH2_conn_up \
    passthrough=yes src-address=192.168.97.16/29
add action=mark-packet chain=prerouting connection-mark=ETH2_conn_up \
    disabled=no new-packet-mark=ETH2_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "ETH2 - mark packets download" disabled=no dst-address=192.168.97.16/29 \
    new-connection-mark=ETH2_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=ETH2_conn_down \
    disabled=no new-packet-mark=ETH2_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "99 - mark packets upload" disabled=yes new-connection-mark=\
    VLAN99_conn_up passthrough=yes src-address=192.168.99.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN99_conn_up \
    disabled=yes new-packet-mark=VLAN99_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "99 - mark packets download" disabled=yes dst-address=192.168.99.0/24 \
    new-connection-mark=VLAN99_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN99_conn_down \
    disabled=yes new-packet-mark=VLAN99_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "100 - mark packets upload" disabled=no new-connection-mark=\
    VLAN100_conn_up passthrough=yes src-address=192.168.101.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN100_conn_up \
    disabled=no new-packet-mark=VLAN100_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "100 - mark packets download" disabled=no dst-address=192.168.101.0/24 \
    new-connection-mark=VLAN100_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN100_conn_down \
    disabled=no new-packet-mark=VLAN100_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "110 - mark packets upload" disabled=no new-connection-mark=\
    VLAN110_conn_up passthrough=yes src-address=192.168.102.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN110_conn_up \
    disabled=no new-packet-mark=VLAN110_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "110 - mark packets download" disabled=no dst-address=192.168.102.0/24 \
    new-connection-mark=VLAN110_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN110_conn_down \
    disabled=no new-packet-mark=VLAN110_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "111 - mark packets upload" disabled=yes new-connection-mark=\
    VLAN111_conn_up passthrough=yes src-address=192.168.107.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN111_conn_up \
    disabled=yes new-packet-mark=VLAN111_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "111 - mark packets download" disabled=yes dst-address=192.168.107.0/24 \
    new-connection-mark=VLAN111_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN111_conn_down \
    disabled=yes new-packet-mark=VLAN111_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "112 - mark packets upload" disabled=yes new-connection-mark=\
    VLAN112_conn_up passthrough=yes src-address=192.168.108.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN112_conn_up \
    disabled=yes new-packet-mark=VLAN112_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "112 - mark packets download" disabled=yes dst-address=192.168.108.0/24 \
    new-connection-mark=VLAN112_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN112_conn_down \
    disabled=yes new-packet-mark=VLAN112_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "113 - mark packets upload" disabled=yes new-connection-mark=\
    VLAN113_conn_up passthrough=yes src-address=192.168.109.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN113_conn_up \
    disabled=yes new-packet-mark=VLAN113_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "113 - mark packets download" disabled=yes dst-address=192.168.109.0/24 \
    new-connection-mark=VLAN113_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN113_conn_down \
    disabled=yes new-packet-mark=VLAN113_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "114 - mark packets upload" disabled=yes new-connection-mark=\
    VLAN114_conn_up passthrough=yes src-address=192.168.110.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN114_conn_up \
    disabled=yes new-packet-mark=VLAN114_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "114 - mark packets download" disabled=yes dst-address=192.168.110.0/24 \
    new-connection-mark=VLAN114_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN114_conn_down \
    disabled=yes new-packet-mark=VLAN114_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "115 - mark packets upload" disabled=yes new-connection-mark=\
    VLAN115_conn_up passthrough=yes src-address=192.168.88.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN115_conn_up \
    disabled=yes new-packet-mark=VLAN115_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "115 - mark packets download" disabled=yes dst-address=192.168.88.0/24 \
    new-connection-mark=VLAN115_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN115_conn_down \
    disabled=yes new-packet-mark=VLAN115_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "116 - mark packets upload" disabled=yes new-connection-mark=\
    VLAN116_conn_up passthrough=yes src-address=192.168.91.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN116_conn_up \
    disabled=yes new-packet-mark=VLAN116_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "116 - mark packets download" disabled=yes dst-address=192.168.91.0/24 \
    new-connection-mark=VLAN116_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN116_conn_down \
    disabled=yes new-packet-mark=VLAN116_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "117 - mark packets upload" disabled=yes new-connection-mark=\
    VLAN117_conn_up passthrough=yes src-address=192.168.90.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN117_conn_up \
    disabled=yes new-packet-mark=VLAN117_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "117 - mark packets download" disabled=yes dst-address=192.168.90.0/24 \
    new-connection-mark=VLAN117_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN117_conn_down \
    disabled=yes new-packet-mark=VLAN117_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "118 - mark packets upload" disabled=yes new-connection-mark=\
    VLAN118_conn_up passthrough=yes src-address=192.168.89.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN118_conn_up \
    disabled=yes new-packet-mark=VLAN118_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "118 - mark packets download" disabled=yes dst-address=192.168.89.0/24 \
    new-connection-mark=VLAN118_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN118_conn_down \
    disabled=yes new-packet-mark=VLAN118_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "119 - mark packets upload" disabled=no new-connection-mark=\
    VLAN119_conn_up passthrough=yes src-address=192.168.95.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN119_conn_up \
    disabled=no new-packet-mark=VLAN119_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "119 - mark packets download" disabled=no dst-address=192.168.95.0/24 \
    new-connection-mark=VLAN119_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN119_conn_down \
    disabled=no new-packet-mark=VLAN119_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "120 - mark packets upload" disabled=no new-connection-mark=\
    VLAN120_conn_up passthrough=yes src-address=192.168.112.0/22
add action=mark-packet chain=prerouting connection-mark=VLAN120_conn_up \
    disabled=no new-packet-mark=VLAN120_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "120 - mark packets download" disabled=no dst-address=192.168.112.0/22 \
    new-connection-mark=VLAN120_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN120_conn_down \
    disabled=no new-packet-mark=VLAN120_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "VLAN130 - mark upload packets" disabled=no new-connection-mark=\
    VLAN130_conn_up passthrough=yes src-address=192.168.103.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN130_conn_up \
    disabled=no new-packet-mark=VLAN130_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "vlan 130 - mark packets download" disabled=no dst-address=\
    192.168.103.0/24 new-connection-mark=VLAN130_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN130_conn_down \
    disabled=no new-packet-mark=VLAN130_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "200 - mark packets upload" disabled=no new-connection-mark=\
    VLAN200_conn_up passthrough=yes src-address=192.168.104.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN200_conn_up \
    disabled=no new-packet-mark=VLAN200_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "200 - mark packets download" disabled=no dst-address=192.168.104.0/24 \
    new-connection-mark=VLAN200_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN200_conn_down \
    disabled=no new-packet-mark=VLAN200_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "299 - mark packets upload" disabled=yes new-connection-mark=\
    VLAN299_conn_up passthrough=yes src-address=192.168.100.2
add action=mark-packet chain=prerouting connection-mark=VLAN299_conn_up \
    disabled=yes new-packet-mark=VLAN299_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "299 - mark packets download" disabled=yes dst-address=192.168.100.2 \
    new-connection-mark=VLAN299_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN299_conn_down \
    disabled=yes new-packet-mark=VLAN299_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "150 - mark packets upload" disabled=yes new-connection-mark=\
    VLAN150_conn_up passthrough=yes src-address=192.168.106.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN150_conn_up \
    disabled=yes new-packet-mark=VLAN150_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "150 - mark packets download" disabled=yes dst-address=192.168.106.0/24 \
    new-connection-mark=VLAN150_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN150_conn_down \
    disabled=yes new-packet-mark=VLAN150_down passthrough=no
add action=mark-connection chain=postrouting comment=\
    "301 - mark packets download" disabled=yes dst-address=172.16.0.0/16 \
    new-connection-mark=VLAN301_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN301_conn_down \
    disabled=yes new-packet-mark=VLAN301_down passthrough=no
add action=mark-connection chain=prerouting comment="301-mark packets up" \
    disabled=yes new-connection-mark=VLAN301_conn_up passthrough=yes \
    src-address=172.16.0.0/16
add action=mark-packet chain=prerouting connection-mark=VLAN301_conn_up \
    disabled=yes new-packet-mark=VLAN301_up passthrough=no
add action=mark-connection chain=prerouting comment="302 - mark packets up" \
    disabled=no new-connection-mark=VLAN302_conn_up passthrough=yes \
    src-address=192.168.120.0/21
add action=mark-packet chain=prerouting connection-mark=VLAN302_conn_up \
    disabled=no new-packet-mark=VLAN302_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "302 - mark packets down" disabled=no dst-address=192.168.120.0/21 \
    new-connection-mark=VLAN302_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN302_conn_down \
    disabled=no new-packet-mark=VLAN302_down passthrough=no
add action=mark-connection chain=prerouting comment=\
    "300 - marking upload packets" disabled=no new-connection-mark=\
    VLAN300_conn_up passthrough=yes src-address=192.168.100.0/24
add action=mark-packet chain=prerouting connection-mark=VLAN300_conn_up \
    disabled=no new-packet-mark=VLAN300_up passthrough=no
add action=mark-connection chain=postrouting comment=\
    "300 - mark packets download" disabled=no dst-address=192.168.100.0/24 \
    new-connection-mark=VLAN300_conn_down passthrough=yes
add action=mark-packet chain=postrouting connection-mark=VLAN300_conn_down \
    disabled=no new-packet-mark=VLAN300_down passthrough=no
/ip firewall nat
add action=dst-nat chain=dstnat comment=\
    "2 rules for   Backup server to use a different public IP" disabled=\
    no dst-address=pub.ip.5 dst-port=21 protocol=tcp to-addresses=\
    192.168.96.10 to-ports=21
add action=src-nat chain=srcnat disabled=no src-address=192.168.96.10 \
    to-addresses=pub.ip.5
add action=dst-nat chain=dstnat comment="17 rules for remote access points con\
    necting to   server and other server" disabled=no dst-address=\
    pub.ip.1 dst-port=123 protocol=udp to-addresses=192.168.100.254 \
    to-ports=123
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=12223 protocol=udp to-addresses=192.168.100.254 to-ports=12223
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=161 protocol=udp to-addresses=192.168.100.254 to-ports=161
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=21 protocol=tcp to-addresses=192.168.100.254 to-ports=21
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=22 protocol=tcp to-addresses=192.168.100.254 to-ports=22
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=16384-65000 protocol=tcp to-addresses=192.168.100.254 to-ports=\
    16384-65000
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=9443 protocol=tcp to-addresses=192.168.100.254 to-ports=9443
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=9080 protocol=tcp to-addresses=192.168.100.254 to-ports=9080
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=9997-9998 protocol=tcp to-addresses=192.168.100.254 to-ports=\
    9997-9998
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=8111 protocol=tcp to-addresses=192.168.100.254 to-ports=8111
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=8099-8100 protocol=tcp to-addresses=192.168.100.254 to-ports=\
    8099-8100
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=8090 protocol=tcp to-addresses=192.168.100.254 to-ports=8090
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=8443 protocol=tcp to-addresses=192.168.100.254 to-ports=8443
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=8080 protocol=tcp to-addresses=192.168.100.254 to-ports=8080
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=443 protocol=tcp to-addresses=192.168.100.254 to-ports=443
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=91 protocol=tcp to-addresses=192.168.100.254 to-ports=91
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=11443 protocol=tcp to-addresses=192.168.100.254 to-ports=11443
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.1 \
    dst-port=80 protocol=tcp to-addresses=192.168.100.253 to-ports=80
add action=dst-nat chain=dstnat comment="Controller" disabled=no \
    dst-port=8085 protocol=tcp to-addresses=192.168.99.253 to-ports=8085
add action=dst-nat chain=dstnat disabled=no dst-port=3478 in-interface=\
    "ether1 - Incoming FX Fibre" protocol=udp to-addresses=192.168.99.253 \
    to-ports=3478
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 protocol=tcp \
    to-addresses=192.168.100.253 to-ports=3389
add action=src-nat chain=srcnat comment=\
    "nat so the return path from vlan 300 to vlan 303 works right" disabled=\
    no dst-address=192.168.200.0/22 src-address=192.168.100.0/24 \
    to-addresses=pub.ip.1
add action=masquerade chain=srcnat comment=\
    "masquerade vlan 303 traffic headed for the Internet" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.200.0/22
add action=masquerade chain=srcnat comment=\
    "masquerade vlan 117 traffic headed for the Internet" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.90.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade vlan 117 traffic headed for the Internet" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.95.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade traffic from   network headed for the Internet" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.106.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade traffic from   network headed for the Internet" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.107.0/24
add action=netmap chain=dstnat comment=\
    "FOR    adam OFFICE - DO NOT TOUCH" disabled=no dst-address=\
    pub.ip.4 to-addresses=192.168.97.18
add action=netmap chain=srcnat comment=\
    "FOR     adam OFFICE - DO NOT TOUCH" disabled=no \
    src-address=192.168.97.18 to-addresses=pub.ip.4
add action=masquerade chain=srcnat comment=\
    "masquerade traffic from  SGC POS network headed for the Internet" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.105.0/24
add action=masquerade chain=srcnat comment="potentially redundant rule - was s\
    et up for   sg adam connection, went another route" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.97.16/29
add action=masquerade chain=srcnat comment=\
    "masquerade internet traffic from local management interface" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.97.0/29
add action=masquerade chain=srcnat comment=\
    "masquerade Internet traffic from VPN connections out to the Internet" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.97.9-192.168.97.14
add action=masquerade chain=srcnat comment=\
    "masquerade traffic from LAN Management interface" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.99.0/24
add action=masquerade chain=srcnat comment="masquerade   network" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.101.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade LAN_Connections network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.102.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade   Ticketing network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.103.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade  _Management network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.104.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 112 -  RACTIVE network" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.108.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 113 -   network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.109.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 114 -   network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.110.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 115 -   network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade internet traffic from WLAN management interface" disabled=no \
    out-interface="ether1 - Incoming FX Fibre" src-address=192.168.98.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 116 -   network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.91.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 117 -   network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.90.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 118 -  network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.89.0/24
add action=masquerade chain=srcnat comment=\
    "masquerade VLAN 119 -   2 network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.95.0/24
add action=masquerade chain=srcnat comment="masquerade wifi Public WiFi" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    172.16.0.0/16
add action=masquerade chain=srcnat comment="masquerade wifi Exhibitor WiFi" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.120.0/21
add action=masquerade chain=srcnat comment=\
    "masquerade for wifi Management network" disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.100.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.112.0/22
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no out-interface="ether1 - Incoming FX Fibre" src-address=\
    192.168.116.0/22
add action=masquerade chain=srcnat disabled=no out-interface=\
    "ether1 - Incoming FX Fibre" src-address=192.168.96.0/24
add action=src-nat chain=srcnat comment="  Backup" disabled=no \
    src-address=192.168.96.10 to-addresses=pub.ip.9
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.9 \
    dst-port=21 protocol=tcp src-port="" to-addresses=192.168.96.10 to-ports=\
    21
add action=dst-nat chain=dstnat comment=\
    "WEB SERVER HTTPS USING DIFFERENT PORT" disabled=no dst-address=\
    pub.ip.1 dst-port=4443 protocol=tcp to-addresses=192.168.100.253 \
    to-ports=4443
add action=dst-nat chain=dstnat disabled=no dst-address=pub.ip.5 \
    dst-port=80 protocol=tcp to-addresses=192.168.100.253 to-ports=80
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add disabled=no name=adam profile=default
add comment=  disabled=no name=Steve profile="Staff Connections" server=\
    "  Hotspot"
add comment="    staff" disabled=no name=Shea profile=\
    "Staff Connections" server="  Hotspot"
add comment="  and Power, password = " disabled=no name=Josh \
    profile="Staff Connections" server="  Hotspot"
add comment="  and Power, password =  " disabled=no name=Jason \
    profile="Staff Connections" server="  Hotspot"
add comment="  and Power, password =  " disabled=no name=Reuben \
    profile="Staff Connections" server="  Hotspot"
add disabled=no name=Kathy profile="Staff Connections" server="  Hotspot"
add disabled=yes name=user21 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user22 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user23 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user24 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user25 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user26 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user27 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user28 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user29 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user30 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user31 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user32 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user33 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user34 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user35 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user36 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user37 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user38 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user39 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user40 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user41 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user42 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user43 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user44 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user45 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user46 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user47 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user48 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user49 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user50 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user51 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user52 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user53 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user1 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user2 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user3 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user4 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user5 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user6 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user7 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user8 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user9 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user10 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user11 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user12 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user13 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user14 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user15 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user16 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user17 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user18 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user19 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user20 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user54 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user55 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user56 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user57 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user58 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user59 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user60 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user61 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user62 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user63 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user64 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user65 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user66 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user67 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user68 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user69 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user70 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user71 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user72 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user73 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user74 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user75 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user76 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user77 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user78 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user79 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user80 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user81 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user82 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user83 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user84 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user85 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user86 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user87 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user88 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user89 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user90 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=Karl profile="Staff Connections" server="  Hotspot"
add disabled=yes name=user91 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user92 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user93 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user94 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user95 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user96 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user97 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user98 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user99 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user100 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user101 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user102 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user103 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user104 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user105 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user106 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user107 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user108 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user109 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user110 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user111 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user112 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user113 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user114 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user115 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user116 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user117 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user118 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user119 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user120 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user121 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user122 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user123 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user124 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user125 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user126 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user127 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user128 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user129 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user130 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user131 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user132 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user133 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user134 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user135 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user136 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user137 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user138 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user139 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user140 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user141 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user142 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user143 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user144 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user145 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user146 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user147 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user148 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user149 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user150 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user151 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user152 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user153 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user154 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user155 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user156 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user157 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user158 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user159 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user160 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user161 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user162 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user163 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user164 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user165 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user166 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user167 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user168 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user169 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user170 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user171 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user172 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user173 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user174 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user175 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user176 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user177 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user178 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user179 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user180 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user181 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user182 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user183 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user184 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user185 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user186 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user187 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user188 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user189 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user190 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user191 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user192 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user193 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user194 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user195 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user196 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user197 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user198 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user199 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user200 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user201 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user202 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user203 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user204 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user205 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user206 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user207 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user208 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user209 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user210 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user211 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user212 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user213 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user214 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user215 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user216 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user217 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user218 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user219 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user220 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user221 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user222 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user223 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user224 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user225 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user226 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user227 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user228 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user229 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user230 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user231 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user232 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user233 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user234 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user235 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user236 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user237 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user238 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user239 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user240 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user241 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user242 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user243 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user244 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user245 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user246 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user247 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user248 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user249 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user250 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user251 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user252 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user253 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user254 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user255 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user256 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user257 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user258 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user259 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user260 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user261 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user262 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user263 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user264 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user265 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user266 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user267 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user268 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user269 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user270 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user271 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user272 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user273 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user274 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user275 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user276 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user277 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user278 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user279 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user280 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user281 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user282 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user283 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user284 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user285 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user286 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user287 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user288 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user289 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user290 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user291 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user292 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user293 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user294 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user295 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user296 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user297 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user298 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user299 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user300 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user301 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user302 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user303 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user304 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user305 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user306 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user307 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user308 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user309 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user310 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user311 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user312 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user313 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user314 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user315 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user316 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user317 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user318 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user319 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user320 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user321 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user322 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user323 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user324 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user325 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user326 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user327 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user328 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user329 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user330 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user331 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user332 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user333 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user334 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user335 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user336 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user337 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user338 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user339 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user340 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user341 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user342 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user343 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user344 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user345 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user346 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user347 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user348 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user349 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user350 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user351 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user352 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user353 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user354 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user355 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user356 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user357 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user358 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user359 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user360 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user361 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user362 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user363 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user364 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user365 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user366 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user367 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user368 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user369 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user370 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user371 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user372 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user373 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user374 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user375 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user376 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user377 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user378 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user379 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user380 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user381 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user382 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user383 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user384 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user385 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user386 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user387 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user388 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user389 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user390 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user391 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user392 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user393 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user394 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user395 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user396 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user397 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user398 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user399 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user400 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user401 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user402 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user403 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user404 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user405 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user406 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user407 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user408 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user409 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user410 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user411 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user412 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user413 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user414 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user415 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user416 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user417 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user418 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user419 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user420 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user421 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user422 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user423 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user424 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user425 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user427 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user428 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user429 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user430 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user431 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user432 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user433 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user434 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user426 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user435 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user436 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user437 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user438 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user439 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user440 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user441 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user442 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user443 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user444 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user445 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user446 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user447 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user448 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user449 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user450 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user451 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user452 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user453 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user454 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user455 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user456 profile=Events server="  Hotspot"
add disabled=yes name=user457 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user458 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user459 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user460 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user461 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user462 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user463 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user464 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user465 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user466 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user467 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user468 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user469 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user470 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user471 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user472 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user473 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user474 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user475 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user476 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user477 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user478 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user479 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user480 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user481 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user482 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user483 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user484 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user485 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user486 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user487 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user488 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user489 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user490 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user491 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user492 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user493 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user494 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user495 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user496 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user497 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user498 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user499 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user500 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user501 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user502 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user503 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user504 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user505 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user506 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user507 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user508 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user509 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user510 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user511 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user512 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user513 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user514 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user515 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user516 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user517 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user518 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user519 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user520 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user521 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user522 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user523 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user524 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user525 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user526 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user527 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user528 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user529 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user530 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user531 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user532 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user533 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user534 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user535 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user536 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user537 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user538 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user539 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user540 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user541 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user542 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user543 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user544 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user545 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user546 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user547 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user548 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user549 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user550 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user551 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user552 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user553 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user554 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user555 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user556 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user557 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user558 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user559 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user560 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user561 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user562 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user563 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user564 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user565 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user566 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user567 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user568 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user569 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user570 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user571 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user572 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user573 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user574 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user575 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=tsaichin2014 profile=Events server="  Hotspot"
add disabled=yes name=user576 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user577 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user578 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user579 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user580 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user581 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user582 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user583 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user584 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user585 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user586 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user587 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user588 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user589 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user590 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user591 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user592 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user593 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user594 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user595 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user596 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user597 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user598 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user599 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user600 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user601 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user602 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user603 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user604 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user605 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user606 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user607 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user608 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user609 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user610 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user611 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user612 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user613 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user614 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user615 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user616 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user617 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user618 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user619 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user620 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user621 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user622 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user623 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user624 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user625 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user626 profile=Events server="  Hotspot"
add disabled=yes name=user627 profile=Events server="  Hotspot"
add disabled=yes name=user628 profile=Events server="  Hotspot"
add disabled=yes name=user629 profile=Events server="  Hotspot"
add disabled=yes name=user630 profile=Events server="  Hotspot"
add disabled=yes name=user631 profile=Events server="  Hotspot"
add disabled=yes name=user632 profile=Events server="  Hotspot"
add disabled=yes name=user633 profile=Events server="  Hotspot"
add disabled=yes name=user634 profile=Events server="  Hotspot"
add disabled=yes name=user635 profile=Events server="  Hotspot"
add disabled=yes name=user636 profile=Events server="  Hotspot"
add disabled=yes name=user637 profile=Events server="  Hotspot"
add disabled=yes name=user638 profile=Events server="  Hotspot"
add disabled=yes name=user639 profile=Events server="  Hotspot"
add disabled=yes name=user640 profile=Events server="  Hotspot"
add disabled=yes name=user641 profile=Events server="  Hotspot"
add disabled=yes name=user642 profile=Events server="  Hotspot"
add disabled=yes name=user643 profile=Events server="  Hotspot"
add disabled=yes name=user644 profile=Events server="  Hotspot"
add disabled=yes name=user645 profile=Events server="  Hotspot"
add disabled=yes name=user646 profile=Events server="  Hotspot"
add disabled=yes name=user647 profile=Events server="  Hotspot"
add disabled=yes name=user648 profile=Events server="  Hotspot"
add disabled=yes name=user649 profile=Events server="  Hotspot"
add disabled=yes name=user650 profile=Events server="  Hotspot"
add disabled=yes name=user651 profile=Events server="  Hotspot"
add disabled=yes name=user652 profile=Events server="  Hotspot"
add disabled=yes name=user653 profile=Events server="  Hotspot"
add disabled=yes name=user654 profile=Events server="  Hotspot"
add disabled=yes name=user655 profile=Events server="  Hotspot"
add disabled=yes name=user656 profile=Events server="  Hotspot"
add disabled=yes name=user657 profile=Events server="  Hotspot"
add disabled=yes name=user658 profile=Events server="  Hotspot"
add disabled=yes name=user659 profile=Events server="  Hotspot"
add disabled=yes name=user660 profile=Events server="  Hotspot"
add disabled=yes name=user661 profile=Events server="  Hotspot"
add disabled=yes name=user662 profile=Events server="  Hotspot"
add disabled=yes name=user663 profile=Events server="  Hotspot"
add disabled=yes name=user664 profile=Events server="  Hotspot"
add disabled=yes name=user665 profile=Events server="  Hotspot"
add disabled=yes name=user666 profile=Events server="  Hotspot"
add disabled=yes name=user667 profile=Events server="  Hotspot"
add disabled=yes name=user668 profile=Events server="  Hotspot"
add disabled=yes name=user669 profile=Events server="  Hotspot"
add disabled=yes name=user670 profile=Events server="  Hotspot"
add disabled=yes name=user671 profile=Events server="  Hotspot"
add disabled=yes name=user672 profile=Events server="  Hotspot"
add disabled=yes name=user673 profile=Events server="  Hotspot"
add disabled=yes name=user674 profile=Events server="  Hotspot"
add disabled=yes name=user675 profile=Events server="  Hotspot"
add disabled=yes name=user676 profile=Events server="  Hotspot"
add disabled=yes name=user677 profile=Events server="  Hotspot"
add disabled=yes name=user678 profile=Events server="  Hotspot"
add disabled=yes name=user679 profile=Events server="  Hotspot"
add disabled=yes name=user680 profile=Events server="  Hotspot"
add disabled=yes name=user681 profile=Events server="  Hotspot"
add disabled=yes name=user682 profile=Events server="  Hotspot"
add disabled=yes name=user683 profile=Events server="  Hotspot"
add disabled=yes name=user684 profile=Events server="  Hotspot"
add disabled=yes name=user685 profile=Events server="  Hotspot"
add disabled=yes name=user686 profile=Events server="  Hotspot"
add disabled=yes name=user687 profile=Events server="  Hotspot"
add disabled=yes name=user688 profile=Events server="  Hotspot"
add disabled=yes name=user689 profile=Events server="  Hotspot"
add disabled=yes name=user690 profile=Events server="  Hotspot"
add disabled=yes name=user691 profile=Events server="  Hotspot"
add disabled=yes name=user692 profile=Events server="  Hotspot"
add disabled=yes name=user693 profile=Events server="  Hotspot"
add disabled=yes name=user694 profile=Events server="  Hotspot"
add disabled=yes name=user695 profile=Events server="  Hotspot"
add disabled=yes name=user696 profile=Events server="  Hotspot"
add disabled=yes name=user697 profile=Events server="  Hotspot"
add disabled=yes name=user698 profile=Events server="  Hotspot"
add disabled=yes name=user699 profile=Events server="  Hotspot"
add disabled=yes name=user700 profile=Events server="  Hotspot"
add disabled=yes name=Career profile="Multi User" server="Spare wifi hotspot"
add disabled=yes name=user701 profile=Events server="  Hotspot"
add disabled=yes name=user702 profile=Events server="  Hotspot"
add disabled=yes name=user703 profile=Events server="  Hotspot"
add disabled=yes name=user704 profile=Events server="  Hotspot"
add disabled=yes name=user705 profile=Events server="  Hotspot"
add disabled=yes name=user706 profile=Events server="  Hotspot"
add disabled=yes name=user707 profile=Events server="  Hotspot"
add disabled=yes name=user708 profile=Events server="  Hotspot"
add disabled=yes name=user709 profile=Events server="  Hotspot"
add disabled=yes name=user710 profile=Events server="  Hotspot"
add disabled=yes name=user711 profile=Events server="  Hotspot"
add disabled=yes name=user712 profile=Events server="  Hotspot"
add disabled=yes name=user713 profile=Events server="  Hotspot"
add disabled=yes name=user714 profile=Events server="  Hotspot"
add disabled=yes name=user715 profile=Events server="  Hotspot"
add disabled=yes name=user716 profile=Events server="  Hotspot"
add disabled=yes name=user717 profile=Events server="  Hotspot"
add disabled=yes name=user718 profile=Events server="  Hotspot"
add disabled=yes name=user719 profile=Events server="  Hotspot"
add disabled=yes name=user720 profile=Events server="  Hotspot"
add disabled=yes name=user721 profile=Events server="  Hotspot"
add disabled=yes name=user722 profile=Events server="  Hotspot"
add disabled=yes name=user723 profile=Events server="  Hotspot"
add disabled=yes name=user724 profile=Events server="  Hotspot"
add disabled=yes name=user725 profile=Events server="  Hotspot"
add disabled=yes name=user726 profile=Events server="  Hotspot"
add disabled=yes name=user727 profile=Events server="  Hotspot"
add disabled=yes name=user728 profile=Events server="  Hotspot"
add disabled=yes name=user729 profile=Events server="  Hotspot"
add disabled=yes name=user730 profile=Events server="  Hotspot"
add disabled=yes name=user731 profile=Events server="  Hotspot"
add disabled=yes name=user732 profile=Events server="  Hotspot"
add disabled=yes name=user733 profile=Events server="  Hotspot"
add disabled=yes name=user734 profile=Events server="  Hotspot"
add disabled=yes name=user735 profile=Events server="  Hotspot"
add disabled=yes name=user736 profile=Events server="  Hotspot"
add disabled=yes name=user737 profile=Events server="  Hotspot"
add disabled=yes name=user738 profile=Events server="  Hotspot"
add disabled=yes name=user739 profile=Events server="  Hotspot"
add disabled=yes name=user740 profile=Events server="  Hotspot"
add disabled=yes name=user741 profile=Events server="  Hotspot"
add disabled=yes name=user742 profile=Events server="  Hotspot"
add disabled=yes name=user743 profile=Events server="  Hotspot"
add disabled=yes name=user744 profile=Events server="  Hotspot"
add disabled=yes name=user745 profile=Events server="  Hotspot"
add disabled=yes name=user746 profile=Events server="  Hotspot"
add disabled=yes name=user747 profile=Events server="  Hotspot"
add disabled=yes name=user748 profile=Events server="  Hotspot"
add disabled=yes name=user749 profile=Events server="  Hotspot"
add disabled=yes name=user750 profile=Events server="  Hotspot"
add disabled=yes name=user751 profile=Events server="  Hotspot"
add disabled=yes name=user752 profile=Events server="  Hotspot"
add disabled=yes name=user753 profile=Events server="  Hotspot"
add disabled=yes name=user754 profile=Events server="  Hotspot"
add disabled=yes name=user755 profile=Events server="  Hotspot"
add disabled=yes name=user756 profile=Events server="  Hotspot"
add disabled=yes name=user757 profile=Events server="  Hotspot"
add disabled=yes name=user758 profile=Events server="  Hotspot"
add disabled=yes name=user759 profile=Events server="  Hotspot"
add disabled=yes name=user760 profile=Events server="  Hotspot"
add disabled=yes name=user761 profile=Events server="  Hotspot"
add disabled=yes name=user762 profile=Events server="  Hotspot"
add disabled=yes name=user763 profile=Events server="  Hotspot"
add disabled=yes name=user764 profile=Events server="  Hotspot"
add disabled=yes name=user765 profile=Events server="  Hotspot"
add disabled=yes name=user766 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user767 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user768 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user769 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user770 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user771 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user772 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user773 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user774 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user775 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user776 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user777 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user778 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user779 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user780 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user781 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user782 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user783 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user784 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user785 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=meetings profile="Multi User" server="  Hotspot"
add disabled=no name=keven profile="Staff Connections" server="  Hotspot"
add disabled=no name=ben profile="Staff Connections" server="  Hotspot"
add disabled=no name=jimmy profile="Staff Connections" server="  Hotspot"
add disabled=yes name=user786 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user787 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user788 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user789 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user790 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user791 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user792 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user793 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user794 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user795 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user796 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user797 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user798 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user799 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user800 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user801 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user802 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user803 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user804 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user805 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user806 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user807 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user808 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user809 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user810 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user811 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user812 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user813 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user814 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user815 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user816 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user817 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user818 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user819 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user820 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user821 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user822 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user823 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user824 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user825 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user826 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user827 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user828 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user829 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user830 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user831 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user832 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user833 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user834 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user835 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user836 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user837 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=Manie profile="Staff Connections" server=\
    "  Hotspot"
add disabled=no name=Dean profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user838 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user839 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user840 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user841 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user842 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user843 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user844 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user845 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user846 profile="Multi User" server="  Hotspot"
add disabled=yes name=user847 profile="Multi User" server="  Hotspot"
add disabled=yes name=user848 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user849 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user850 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user851 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user852 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user853 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user854 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user855 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user856 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user857 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user858 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user859 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user860 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user861 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user862 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user863 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user864 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user865 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user866 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user867 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user868 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=user869 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user870 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user871 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user872 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user873 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user874 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user875 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user876 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user877 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user878 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user879 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user880 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user881 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user882 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user883 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user884 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user885 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user886 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user887 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user888 profile="Multi User" server="  Hotspot"
add disabled=no name=user889 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user890 profile="Multi User" server="  Hotspot"
add disabled=no name=user891 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user892 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user893 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user894 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user895 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user896 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user897 profile="Multi User" server="  Hotspot"
add disabled=no name=user898 profile="Multi User" server="  Hotspot"
add disabled=no name=user899 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user900 profile="Multi User" server="  Hotspot"
add disabled=no name=user901 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user902 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user903 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user904 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user905 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user906 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user907 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user908 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user909 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user910 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user911 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user912 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user913 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user914 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user915 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user916 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user917 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user918 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user919 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user920 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user921 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user922 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user923 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user924 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user925 profile="Multi User" server="  Hotspot"
add disabled=no name=user926 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user927 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user928 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user929 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user930 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user931 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user932 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user933 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user934 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user935 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user936 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user937 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user938 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user939 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user940 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user941 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user942 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user943 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user944 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user945 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user946 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user947 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user948 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user949 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user950 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user951 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user952 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user953 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user954 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user955 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user956 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user957 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user958 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user959 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user960 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user961 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user962 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user963 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user964 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user965 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user966 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user967 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user968 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user969 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user970 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user971 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user972 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user973 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user974 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user975 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user976 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user977 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user978 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user979 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user980 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user981 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user982 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user983 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user984 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user985 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user986 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=user987 profile="Premium Connections" server=\
    "  Hotspot"
add disabled=yes name=  profile="Multi User" server="  Hotspot"
add disabled=no name=krono1664 profile="Staff Connections" server=\
    "  Hotspot"
add disabled=no name=greg profile="Staff Connections" server="  Hotspot"
add disabled=yes name=  profile="Multi User" server="  Hotspot"
add disabled=yes name=foodpack profile="Multi User" server="  Hotspot"
add disabled=yes name=flight  profile="Multi User" server="  Hotspot"
add disabled=yes name=fc  profile="Multi User" server="  Hotspot"
add disabled=yes name=Jehovah profile="Multi User" server="  Hotspot"
add disabled=no name=scee profile="Multi User" server="  Hotspot"
add disabled=no name=riot profile="Multi User" server="  Hotspot"
add disabled=yes name=LDS profile="Premium Connections" server=\
    "  Hotspot"
add comment="  Staff Connection" disabled=no name=mark profile=\
    "Staff Connections" server="  Hotspot"
add disabled=no name=user988 profile=default
add disabled=no name=driveelectric profile="Multi User" server=\
    "  Hotspot"
add disabled=no name=Events profile="Premium Connections" server=\
    "  Hotspot"
add disabled=no name=iticket2 profile="Premium Connections" server=\
    "  Hotspot"
/ip hotspot walled-garden
add action=allow disabled=no dst-host=*. .com dst-port=""
add action=allow comment="#1 Entry to allow free access to Apple App Store" \
    disabled=yes dst-host=itunes.apple.com dst-port=""
add action=allow comment="#2 Entry to allow free access to Apple App Store" \
    disabled=yes dst-host=ax.itunes.apple.com dst-port=""
add action=allow comment="#3 Entry to allow free access to Apple App Store" \
    disabled=yes dst-host=albert.apple.com dst-port=""
add action=allow comment="#4 Entry to allow free access to Apple App Store" \
    disabled=yes dst-host=gs.apple.com dst-port=""
add action=allow disabled=no dst-host=*.facebook.com dst-port=""
/ip neighbor discovery
set "ether12 - Spare" disabled=no
set "ether13 - Local Management Interface" disabled=no
set "ether1 - Incoming FX Fibre" disabled=no
set "ether2 -     adam" disabled=no
set "ether3 - spare" disabled=no
set "ether4 - Spare" disabled=no
set "ether5 - Link to LAN Core" disabled=no
set "ether6 - LACP1" disabled=no
set "ether7 - LACP1" disabled=no
set "ether8 - XSYS Server CSG" disabled=no
set "ether9 - XSYS Server XSYSLIVE" disabled=no
set "ether10 -   Server" disabled=no
set "ether11 - Spare" disabled=no
set "LACP1 - Core Link" disabled=yes
set "100 -  " disabled=yes
set "110 - LAN Connections" disabled=yes
set "120 - Public Wifi" disabled=yes
set "130 -   Ticketing" disabled=yes
set "140 -" disabled=yes
set "200 -   Management" disabled=yes
set "150 -   office" disabled=yes
set "099 - LAN Management" disabled=yes
set "098 - WLAN Management" disabled=yes
set "050 -  SG Camera" disabled=yes
set "299 - wifi WAN" disabled=yes
set "111 - A2017 -  " disabled=yes
set "112 - A2017 -  ractive" disabled=yes
set "113 - A2017 -  " disabled=yes
set "114 - A2017 -  " disabled=yes
set "300 - wifi Management" disabled=yes
set "301 - wifi Public WiFi" disabled=yes
set "302 - wifi Exhibitor" disabled=yes
set "303 - wifi Access Points" disabled=yes
set "97 -   Backup" disabled=yes
set "304 - Event Organiser Wi-Fi" disabled=yes
set "115 - A2017 -  " disabled=yes
set "116 - A2017 -  " disabled=yes
set "117 - A2017 -  " disabled=yes
set "118 - A2017 -  " disabled=yes
set "119 - A2017 - VLAN 119 Test" disabled=yes
set "55 -     VoIP" disabled=yes
/ip proxy
set always-from-cache=no cache-adamistrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
    600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
    0.0.0.0
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pub.ip.6 \
    scope=30 target-scope=10
/ip service
set telnet address="" disabled=no port=23
set ftp address="" disabled=no port=21
set www address="" disabled=no port=80
set ssh address="" disabled=no port=22
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address="" disabled=no port=8291
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
    all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/pub disabled=no \
    max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
    lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
    use-explicit-null=no
/port firmware
set directory=firmware
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=  \
    profile="  VPN" remote-address=192.168.97.10 routes="" service=pptp
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name= \
    profile="  VPN" remote-address=192.168.97.11 routes="" service=pptp
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=  \
    profile="  VPN" remote-address=192.168.97.12 routes="" service=pptp
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name= \
    profile="  VPN" remote-address=192.168.97.10 routes="" service=pptp
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=n \
    profile="  VPN" remote-address=192.168.97.10 routes="" service=pptp
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name= \
    profile="  VPN" remote-address=192.168.97.10 routes="" service=pptp
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name= \
    profile=profile1 remote-address=192.168.101.202 routes="" service=pptp
/queue interface
set "ether12 - Spare" queue=only-hardware-queue
set "ether13 - Local Management Interface" queue=only-hardware-queue
set "ether1 - Incoming FX Fibre" queue=only-hardware-queue
set "ether2 -     adam" queue=only-hardware-queue
set "ether3 - spare" queue=only-hardware-queue
set "ether4 - Spare" queue=only-hardware-queue
set "ether5 - Link to LAN Core" queue=only-hardware-queue
set "ether6 - LACP1" queue=only-hardware-queue
set "ether7 - LACP1" queue=only-hardware-queue
set "ether8 - XSYS Server CSG" queue=only-hardware-queue
set "ether9 - XSYS Server XSYSLIVE" queue=only-hardware-queue
set "ether10 -   Server" queue=only-hardware-queue
set "ether11 - Spare" queue=only-hardware-queue
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
    multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
    gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
    0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    routing-table=main timeout-timer=3m update-timer=30s
/snmp
set contact="" enabled=yes engine-id="" location="" trap-community=public \
    trap-generators="" trap-target="" trap-version=1
/system clock
set time-zone-name= / 
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+00:00
/system console
set [ find port=serial0 ] disabled=no port=serial0 term=vt102
/system health
set fan-mode=auto use-fan=main
/system identity
set name=MikroTik
/system logging
set 0 action=memory disabled=yes prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=NTP.IP secondary-ntp=\
    pub.ip.10
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
set 4 cpu=auto
set 5 cpu=auto
set 6 cpu=auto
set 7 cpu=auto
set 8 cpu=auto
set 9 cpu=auto
set 10 cpu=auto
set 11 cpu=auto
/system resource irq rps
set "ether13 - Local Management Interface" disabled=no
set "ether1 - Incoming FX Fibre" disabled=yes
set "ether2 -     adam" disabled=yes
set "ether3 - spare" disabled=yes
set "ether4 - Spare" disabled=yes
set "ether5 - Link to LAN Core" disabled=yes
set "ether6 - LACP1" disabled=yes
set "ether7 - LACP1" disabled=yes
set "ether8 - XSYS Server CSG" disabled=yes
set "ether9 - XSYS Server XSYSLIVE" disabled=yes
set "ether10 -   Server" disabled=yes
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
    boot-protocol=bootp cpu-frequency=1066MHz enable-jumper-reset=yes \
    enter-setup-on=any-key force-backup-booter=no memory-data-rate=533DDR \
    silent-boot=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
    0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
    none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
    100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set [ find default=yes ] disabled=no interface=all
/tool mac-server mac-winbox
set [ find default=yes ] disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no
/tool sniffer
set file-limit=1000KiB file-name="" filter-ip-address="" filter-ip-protocol=\
    "" filter-mac-address="" filter-mac-protocol="" filter-port="" \
    filter-stream=yes interface=all memory-limit=100KiB memory-scroll=yes \
    only-headers=no streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/tool traffic-monitor
add disabled=no interface="ether1 - Incoming FX Fibre" name=tmon1 on-event="" \
    threshold=0 traffic=transmitted trigger=above
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s \
    use-radius=no

Here's my updated config, note I've had to reenable the old mangle rules, just for this weekend, as some control is better than none.
So pretend as if they're all disabled, except for the new ones.

Re: Fir2ewall Causing Low Throughput

Posted: Fri Jul 19, 2019 2:38 pm
by sindy
I'm afraid you'll have to dedicate a couple of hours during night or weekend to an upgrade of the machine. ROS 5.14 may have any kind of bug in it which no one even remembers.

I've just double-checked that the rule action=jump (if) connection-mark=!no-mark works the expected way on 6.44 (.3 in my case), i.e. that it matches all packets which have got any connection-mark from the conntrack module and ignores those with no connection-mark assigned:

stats code

 0    chain=prerouting action=passthrough
 1    chain=prerouting action=jump jump-target=logme connection-mark=!no-mark log-prefix="no-conn-mark"
 2    chain=prerouting action=mark-connection new-connection-mark=my-mark connection-mark=no-mark

 0    prerouting                            passthrough                     172 848             680
 1    prerouting                            jump                            168 867             653
 2    prerouting                            mark-connection                   3 981              27
While thinking about it, it dawned on me that the rules in beginning of the prerouting chain could have been arranged even a small bit simpler by having the packet-marking in the direct branch and connection-marking in a separate chain (aka subroutine), so the first rule would have to match on not connection-marked packets instead of connection-marked ones, but that's another thing to be discussed maybe later. I don't believe that connection-mark=no-mark will work better than connection-mark=!no-mark so I'm afraid the upgrade is necessary. But if the rule as it looks now (with the ! in place) does count some packets, there is a small chance that the ! did not work in 5.14 and the condition was working as if the ! was not there.

I would be very afraid of upgrading from 5.14 to 6.44.5 ("long-term" as of writing this) in a single step as many things have changed. So I'd take the newest one from each X.xx released and upgrade between those (normally jumps over several xx are possible but not over so many). A faster way would be to export the configuration to a .rsc file (no backup!), download it to the PC, do a netinstall to 6.44.5 and then paste the configuration into a CLI window section by section, always pasting the beginning of the section up to the first "add" line to see whether it is accepted and if yes, pasting the rest of the section.

Re: Fir2ewall Causing Low Throughput

Posted: Fri Jul 19, 2019 11:20 pm
by Inigma
I'm afraid you'll have to dedicate a couple of hours during night or weekend to an upgrade of the machine.
Yeah, fair enough.
Okay, thanks for the recommendation, I'll go ahead and suggest this to the boss and reply back with hopefully successful results!

Thanks again for all your help in this, it's greatly appreciated!