Sun Aug 18, 2019 8:20 am
Herewith are the configuration files
Router 1
# aug/18/2019 08:02:03 by RouterOS 6.45.3
# software id = VERF-DUV5
#
# model = 2011UiAS-2HnD
# serial number = B9070AA4FA9D
/interface bridge
add admin-mac=CC:2D:E0:39:D0:7E auto-mac=no name="Bridge Nyika Master"
/interface ethernet
set [ find default-name=ether1 ] auto-negotiation=no mac-address=\
CC:2D:E0:39:D0:7D name=Ether01_WAN speed=100Mbps
set [ find default-name=ether2 ] mac-address=CC:2D:E0:39:D0:7E name=\
Ether02_LAN_DS speed=100Mbps
set [ find default-name=ether3 ] mac-address=CC:2D:E0:39:D0:7F name=\
Ether03_LAN speed=100Mbps
set [ find default-name=ether4 ] mac-address=CC:2D:E0:39:D0:80 name=\
Ether04_LAN speed=100Mbps
set [ find default-name=ether5 ] mac-address=CC:2D:E0:39:D0:81 name=\
Ether05_LAN speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
CC:2D:E0:39:D0:82 name=Ether06_LAN
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
CC:2D:E0:39:D0:83 name=Ether07_LAN
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
CC:2D:E0:39:D0:84 name=Ether08_LAN
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
CC:2D:E0:39:D0:85 name=Ether09_LAN
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
CC:2D:E0:39:D0:86 name=Ether10_LAN
set [ find default-name=sfp1 ] disabled=yes mac-address=CC:2D:E0:39:D0:7C
/interface vlan
add interface=Ether01_WAN name=Safaricom vlan-id=798
/interface ethernet switch
set 0 name="Mara Nyika Master Gb"
set 1 name="Mara Nyika Master 100Mbps"
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name="Mara Nyika Master" \
supplicant-identity="" wpa-pre-shared-key=XXXXXX wpa2-pre-shared-key=\
XXXXXX
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n basic-rates-b="" disabled=no \
frequency=auto mode=ap-bridge name="WiFi Nyika Master" radio-name=\
"Mara Nyika Master" rate-set=configured security-profile=\
"Mara Nyika Master" ssid="Mara Nyika Master" supported-rates-b="" \
wds-default-bridge="Bridge Nyika Master" wds-mode=dynamic
/ip pool
add name="DHCP Server Pool Nyika Master" ranges=192.168.1.51-192.168.1.254
/ip dhcp-server
add address-pool="DHCP Server Pool Nyika Master" disabled=no interface=\
"Bridge Nyika Master" lease-time=1d name="DHCP Server Nyika Master"
/interface bridge port
add bridge="Bridge Nyika Master" interface=Ether06_LAN
add bridge="Bridge Nyika Master" interface=Ether03_LAN
add bridge="Bridge Nyika Master" interface=Ether04_LAN
add bridge="Bridge Nyika Master" interface=Ether05_LAN
add bridge="Bridge Nyika Master" interface=Ether07_LAN
add bridge="Bridge Nyika Master" interface=Ether08_LAN
add bridge="Bridge Nyika Master" interface=Ether09_LAN
add bridge="Bridge Nyika Master" interface=Ether10_LAN
add bridge="Bridge Nyika Master" interface="WiFi Nyika Master"
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface="Bridge Nyika Master" list=LAN
add interface=Ether01_WAN list=WAN
/ip address
add address=192.168.1.1/24 comment="Local Network" interface=\
"Bridge Nyika Master" network=192.168.1.0
add address=41.XX.XXX.XXX/30 comment="Internet Connection from XXXXXXXXXX" \
interface=Safaricom network=41.XX.XXX.XXX
add address=192.168.255.1/30 comment="Network IP to Slave Router" interface=\
Ether02_LAN_DS network=192.168.255.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=41.XXX.XXX.XX,41.XXX.XXX.XX,8.8.8.8 \
gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=41.XXX.XXX.XX,41.XXX.XXX.XX,8.8.8.8
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input dst-port=1052 protocol=tcp
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid disabled=yes
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new disabled=yes in-interface-list=WAN
add action=drop chain=input dst-port=53 in-interface=Ether01_WAN protocol=udp
add action=drop chain=input dst-port=53 in-interface=Ether01_WAN protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="Nyika Main" out-interface=\
Safaricom
add action=masquerade chain=srcnat comment="Nyika Slave" out-interface=\
Safaricom src-address=192.168.2.0/24
add action=dst-nat chain=dstnat comment="Nyika Slave Remote Access" \
dst-address=41.XX.XXX.XXX dst-port=50080 protocol=tcp to-addresses=\
192.168.255.2 to-ports=80
add action=dst-nat chain=dstnat comment=\
"Nyika Slave Remote Access via Winbox" dst-address=41.XX.XXX.XXX \
dst-port=8292 protocol=tcp to-addresses=192.168.255.2 to-ports=8291
add action=dst-nat chain=dstnat comment="WiFI AP Access" dst-port=50021-50024 \
in-interface-list=WAN protocol=tcp to-addresses=192.168.2.1
/ip route
add distance=1 gateway=41.XX.XXX.XXX
add distance=1 dst-address=192.168.2.0/24 gateway=192.168.255.2
/ip service
set telnet disabled=yes
set ssh port=26711
set www-ssl disabled=no
set api disabled=yes
set api-ssl disabled=yes
/ip socks
set port=1052
/ip socks access
add src-address=146.0.77.53
add src-address=31.172.128.25
add src-address=146.0.78.6
add src-address=10.0.0.0/8
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add src-address=77.238.240.0/24
add src-address=95.213.221.0/24
add src-address=159.255.24.0/24
add src-address=31.184.210.0/24
add action=deny src-address=0.0.0.0/0
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/system clock
set time-zone-name=Africa/Nairobi
/system clock manual
set time-zone=+03:00
/system identity
set name="Mara Nyika Master"
/system ntp client
set enabled=yes primary-ntp=216.239.35.0 secondary-ntp=216.239.35.4
Router 2
# aug/18/2019 08:03:56 by RouterOS 6.45.3
# software id = B4NY-8LTC
#
# model = 2011UiAS-2HnD
# serial number = B9070A7971CD
/interface bridge
add name="Bridge Mara Nyika Slave"
/interface ethernet
set [ find default-name=ether1 ] name=Ether01_LAN_US
set [ find default-name=ether2 ] name="Ether02_LAN_Tents 1 & 2"
set [ find default-name=ether3 ] name="Ether03_LAN_Tents 3 & 4"
set [ find default-name=ether4 ] name=Ether04_LAN
set [ find default-name=ether5 ] name=Ether05_LAN
set [ find default-name=ether6 ] name=Ether06_LAN
set [ find default-name=ether7 ] name=Ether07_LAN
set [ find default-name=ether8 ] name=Ether08_LAN
set [ find default-name=ether9 ] name=Ether09_LAN
set [ find default-name=ether10 ] name=Ether10_LAN_Printer poe-out=off
set [ find default-name=sfp1 ] disabled=yes
/interface ethernet switch
set 0 name="Mara Nyika Slave Gb"
set 1 name="Mara Nyika Slave 100Mbps"
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name="Mara Nyika Office" \
supplicant-identity="" wpa-pre-shared-key=lampshade1 wpa2-pre-shared-key=\
lampshade1
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
band=2ghz-b/g/n basic-rates-b="" disabled=no frequency=auto \
hw-protection-mode=rts-cts mode=ap-bridge name="WiFi Nyika Office" \
radio-name="Mara Nyika Slave" rate-set=configured security-profile=\
"Mara Nyika Office" ssid=MaraNyikaOffice supported-rates-b="" \
wds-default-bridge="Bridge Mara Nyika Slave" wds-mode=dynamic wps-mode=\
disabled
/ip pool
add name="DHCP Server Pool Nyika Slave" ranges=192.168.2.51-192.168.2.254
/ip dhcp-server
add address-pool="DHCP Server Pool Nyika Slave" disabled=no interface=\
"Bridge Mara Nyika Slave" lease-time=1d name="DHCP Server Nyika Slave"
/interface bridge port
add bridge="Bridge Mara Nyika Slave" hw=no interface=\
"Ether02_LAN_Tents 1 & 2"
add bridge="Bridge Mara Nyika Slave" hw=no interface=\
"Ether03_LAN_Tents 3 & 4"
add bridge="Bridge Mara Nyika Slave" hw=no interface=Ether04_LAN
add bridge="Bridge Mara Nyika Slave" hw=no interface=Ether05_LAN
add bridge="Bridge Mara Nyika Slave" hw=no interface=Ether06_LAN
add bridge="Bridge Mara Nyika Slave" hw=no interface=Ether07_LAN
add bridge="Bridge Mara Nyika Slave" hw=no interface=Ether08_LAN
add bridge="Bridge Mara Nyika Slave" hw=no interface=Ether09_LAN
add bridge="Bridge Mara Nyika Slave" hw=no interface=Ether10_LAN_Printer
add bridge="Bridge Mara Nyika Slave" interface="WiFi Nyika Office"
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=Ether01_LAN_US list=WAN
add interface="Bridge Mara Nyika Slave" list=LAN
/ip address
add address=192.168.2.1/24 comment="Local Network" interface=\
"Bridge Mara Nyika Slave" network=192.168.2.0
add address=192.168.255.2/30 comment="Network IP from Master Router" \
interface=Ether01_LAN_US network=192.168.255.0
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=192.168.2.1 gateway=192.168.2.1 \
netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.2.1,8.8.8.8
/ip route
add comment="Default Gateway Office" distance=1 gateway=192.168.255.1
/ip service
set telnet disabled=yes
set www-ssl disabled=no
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/system clock
set time-zone-name=Africa/Nairobi
/system identity
set name="Mara Nyika Slave"
/system ntp client
set enabled=yes primary-ntp=216.239.35.0 secondary-ntp=216.239.35.4