# may/16/2020 14:17:08 by RouterOS 6.46.6
#
# model = RB4011iGS+
/interface bridge
add igmp-snooping=yes ingress-filtering=yes name=bridge1-lan vlan-filtering=\
yes
add name=bridge2-wan
add name=v-bridge3-lan-utilities protocol-mode=none
add name=v-bridge4-lan-guest protocol-mode=none
add name=v-bridge5-lan-untagged protocol-mode=none
add name=v-bridge6-lan-datacenter protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] loop-protect-disable-time=2m \
loop-protect-send-interval=10s speed=100Mbps
set [ find default-name=ether2 ] loop-protect-disable-time=2m \
loop-protect-send-interval=10s speed=100Mbps
set [ find default-name=ether3 ] loop-protect-disable-time=2m \
loop-protect-send-interval=10s speed=100Mbps
set [ find default-name=ether4 ] loop-protect-disable-time=2m \
loop-protect-send-interval=10s speed=100Mbps
set [ find default-name=ether5 ] loop-protect-disable-time=2m \
loop-protect-send-interval=10s speed=100Mbps
set [ find default-name=ether6 ] loop-protect-disable-time=2m \
loop-protect-send-interval=10s speed=100Mbps
set [ find default-name=ether7 ] loop-protect-disable-time=2m \
loop-protect-send-interval=10s speed=100Mbps
set [ find default-name=ether8 ] loop-protect-disable-time=2m \
loop-protect-send-interval=10s speed=100Mbps
set [ find default-name=ether9 ] loop-protect-disable-time=2m \
loop-protect-send-interval=10s
set [ find default-name=ether10 ] loop-protect-disable-time=2m \
loop-protect-send-interval=10s speed=100Mbps
set [ find default-name=sfp-sfpplus1 ] advertise=\
10M-full,100M-full,1000M-full loop-protect-disable-time=2m \
loop-protect-send-interval=10s rx-flow-control=auto speed=1Gbps \
tx-flow-control=auto
/interface 6to4
add comment="Hurricane Electric IPv6 Tunnel Broker" dont-fragment=inherit \
!keepalive local-address=50.35.67.174 mtu=1280 name=sit1 remote-address=\
216.218.226.238
/interface vlan
add disabled=yes interface=bridge1-lan name=bridge1-lan-vlan0014 vlan-id=14
add interface=bridge1-lan name=bridge1-lan-vlan0019 vlan-id=19
add interface=bridge1-lan name=bridge1-lan-vlan0029 vlan-id=29
add interface=bridge1-lan name=bridge1-lan-vlan0059 vlan-id=59
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip kid-control
add fri="" mon="" name=default-unlimited sat="" sun="" thu="" tue="" wed=""
/ip pool
add name=ippool-dhcp-default ranges=192.168.23.140-192.168.23.190
add name=ippool-dhcp-utilities ranges=192.168.219.140-192.168.219.190
add name=ippool-dhcp-guest ranges=192.168.229.140-192.168.229.190
add name=ippool-dhcp-datacenter ranges=192.168.59.140-192.168.59.190
/ip dhcp-server
add add-arp=yes address-pool=ippool-dhcp-utilities disabled=no interface=\
v-bridge3-lan-utilities name=dhcp-lan-utilities
add add-arp=yes address-pool=ippool-dhcp-guest disabled=no interface=\
v-bridge4-lan-guest name=dhcp-lan-guest
add add-arp=yes address-pool=ippool-dhcp-default disabled=no interface=\
bridge1-lan name=dhcp-lan-default
add add-arp=yes address-pool=ippool-dhcp-default interface=\
v-bridge5-lan-untagged name=dhcp-lan-untagged
add add-arp=yes address-pool=ippool-dhcp-datacenter disabled=no interface=\
v-bridge6-lan-datacenter name=dhcp-lan-datacenter
/ipv6 dhcp-server
add address-pool=ipv6pool-default interface=bridge1-lan lease-time=15m name=\
tunnel-dhcpv6
/queue type
add kind=pcq name=pcq-download-500mbps pcq-burst-rate=480M \
pcq-burst-threshold=400M pcq-classifier=dst-address pcq-limit=256KiB \
pcq-rate=440M pcq-total-limit=32768KiB
add kind=pcq name=pcq-upload-500mbps pcq-burst-rate=500M pcq-burst-threshold=\
400M pcq-classifier=src-address pcq-limit=256KiB pcq-rate=450M \
pcq-total-limit=32768KiB
/queue tree
add name=general-bandwidth-limit-download packet-mark=general-client-download \
parent=global queue=pcq-download-500mbps
add name=general-bandwidth-limit-upload packet-mark=general-client-upload \
parent=global queue=pcq-upload-500mbps
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge1-lan interface=ether1
add bridge=v-bridge4-lan-guest interface=bridge1-lan-vlan0029
add bridge=v-bridge3-lan-utilities interface=bridge1-lan-vlan0019
add bridge=v-bridge5-lan-untagged interface=bridge1-lan-vlan0014
add bridge=bridge1-lan interface=ether3
add bridge=bridge1-lan interface=ether4
add bridge=bridge1-lan interface=ether5
add bridge=bridge1-lan interface=ether6
add bridge=bridge1-lan interface=ether7
add bridge=bridge1-lan interface=ether8
add bridge=bridge1-lan interface=ether10
add bridge=bridge1-lan interface=sfp-sfpplus1
add bridge=bridge2-wan interface=ether9
add bridge=bridge1-lan interface=ether2
add bridge=v-bridge6-lan-datacenter interface=bridge1-lan-vlan0059
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set accept-source-route=yes rp-filter=strict tcp-syncookies=yes
/ipv6 settings
set accept-redirects=no
/interface bridge vlan
add bridge=bridge1-lan tagged="ether1,ether2,ether3,ether4,ether5,ether6,ether\
7,ether8,ether10,sfp-sfpplus1,bridge1-lan" vlan-ids=19
add bridge=bridge1-lan tagged="ether1,ether2,ether3,ether4,ether5,ether6,ether\
7,ether8,ether10,sfp-sfpplus1,bridge1-lan" vlan-ids=29
add bridge=bridge1-lan tagged="ether1,ether2,ether3,ether4,ether5,ether6,ether\
7,ether8,ether10,sfp-sfpplus1,bridge1-lan" vlan-ids=59
add bridge=bridge1-lan untagged="ether1,ether2,ether3,ether4,ether5,ether6,eth\
er7,ether8,ether10,sfp-sfpplus1" vlan-ids=14
/interface detect-internet
set detect-interface-list=WAN internet-interface-list=WAN lan-interface-list=\
LAN wan-interface-list=WAN
/interface list member
add interface=bridge2-wan list=WAN
add interface=bridge1-lan list=LAN
add interface=v-bridge3-lan-utilities list=LAN
add interface=v-bridge4-lan-guest list=LAN
add interface=v-bridge5-lan-untagged list=LAN
add interface=v-bridge6-lan-datacenter list=LAN
/ip address
add address=192.168.23.24/24 interface=bridge1-lan network=192.168.23.0
add address=192.168.219.24/24 interface=v-bridge3-lan-utilities network=\
192.168.219.0
add address=192.168.229.24/24 interface=v-bridge4-lan-guest network=\
192.168.229.0
add address=192.168.59.24/24 interface=v-bridge6-lan-datacenter network=\
192.168.59.0
add address=192.168.224.24/24 interface=bridge1-lan network=192.168.224.0
/ip dhcp-client
add dhcp-options=hostname,clientid,clientid_duid disabled=no interface=\
bridge2-wan
/ip dhcp-server network
add address=192.168.23.0/24 gateway=192.168.23.24 netmask=24
add address=192.168.59.0/24 gateway=192.168.59.24 netmask=24
add address=192.168.219.0/24 gateway=192.168.219.24 netmask=24
add address=192.168.224.0/24 gateway=192.168.224.24
add address=192.168.229.0/24 gateway=192.168.229.24 netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1h cache-size=8192KiB \
max-concurrent-queries=500 max-concurrent-tcp-sessions=100 \
query-server-timeout=1s500ms servers="1.1.1.1,208.67.222.222,74.40.74.40,8\
.8.8.8,1.0.0.1,208.67.220.220,74.40.74.41,8.8.4.4,2001:4860:4860::8888,200\
1:4860:4860::4444"
/ip firewall address-list
add address=192.168.23.0/24 list=local-lan-all
add address=192.168.219.0/24 list=local-lan-all
add address=192.168.229.0/24 list=local-lan-all
add address=192.168.59.0/24 list=local-lan-all
add address=192.168.224.0/24 list=local-lan-all
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
not_in_internet
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes
add action=accept chain=forward comment="defconf new: established, related" \
connection-state=established,related
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid log=yes log-prefix=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN log=yes log-prefix=!NAT
add action=drop chain=forward comment=\
"Drop incoming from internet which is not public IP" in-interface-list=\
WAN log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward comment=\
"Drop packets from LAN that do not have LAN IP" in-interface-list=LAN \
log=yes log-prefix=LAN_!LAN src-address-list=!local-lan-all
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment=\
"20200131 Port scanners to list " protocol=tcp psd=21,5s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment=\
"20200131 NMAP FIN Stealth scan" protocol=tcp tcp-flags=\
fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="20200131 SYN/FIN scan" \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="20200131 SYN/RST scan" \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="20200131 FIN/PSH/URG scan" \
protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="20200131 ALL/ALL scan" \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="20200131 NMAP NULL scan" \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="20200131 dropping port scanners" \
src-address-list="port scanners"
add action=drop chain=forward comment="Stop Utilities from accessing Default" \
dst-address=192.168.23.0/24 in-interface=v-bridge3-lan-utilities
add action=drop chain=forward comment="Stop Utilities from accessing Infra" \
dst-address=192.168.224.0/24 in-interface=v-bridge3-lan-utilities
add action=drop chain=forward comment=\
"Stop Utilities from access default gateway IP" dst-address=192.168.23.24 \
in-interface=v-bridge3-lan-utilities
add action=drop chain=forward comment=\
"Stop Utilities from access none-gateway IP in same network" dst-address=\
!192.168.219.24 in-interface=v-bridge3-lan-utilities out-interface=\
v-bridge3-lan-utilities
add action=accept chain=forward comment="Enable Utilities to access WAN" \
in-interface=v-bridge3-lan-utilities out-interface-list=WAN
add action=fasttrack-connection chain=forward comment=\
"Enable Utilities to access WAN with fast track" connection-state=\
established,related disabled=yes in-interface=v-bridge3-lan-utilities \
out-interface-list=WAN
add action=drop chain=forward comment="Stop Guest from accessing Default" \
disabled=yes dst-address=192.168.23.0/24 in-interface=v-bridge4-lan-guest
add action=drop chain=forward comment="Stop Guest from accessing Infra" \
dst-address=192.168.224.0/24 in-interface=v-bridge4-lan-guest
add action=drop chain=forward comment=\
"Stop Guest from access default gateway IP" dst-address=192.168.23.24 \
in-interface=v-bridge4-lan-guest
add action=fasttrack-connection chain=forward comment=\
"Enable Guest to access WAN with fast track" connection-state=\
established,related disabled=yes in-interface=v-bridge4-lan-guest \
out-interface-list=WAN
add action=drop chain=forward comment=\
"Stop Datacenter from accessing Default" dst-address=192.168.23.0/24 \
in-interface=v-bridge6-lan-datacenter
add action=drop chain=forward comment="Stop Datacenter from accessing Infra" \
dst-address=192.168.224.0/24 in-interface=v-bridge6-lan-datacenter
add action=fasttrack-connection chain=forward comment=\
"Enable Datacenter to access WAN with fast track" connection-state=\
established,related disabled=yes in-interface=v-bridge6-lan-datacenter \
out-interface-list=WAN
/ip firewall mangle
add action=mark-packet chain=prerouting comment=\
"Rate Limiting - Download - Default" in-interface=bridge2-wan \
new-packet-mark=general-client-download passthrough=yes
add action=mark-packet chain=prerouting comment=\
"Rate Limiting - Upload - Default" in-interface=bridge1-lan \
new-packet-mark=general-client-upload passthrough=yes
add action=mark-packet chain=prerouting comment=\
"Rate Limiting - Upload - Utilities" in-interface=v-bridge3-lan-utilities \
new-packet-mark=general-client-upload passthrough=yes
add action=mark-packet chain=prerouting comment=\
"Rate Limiting - Upload - Datacenter" in-interface=\
v-bridge6-lan-datacenter new-packet-mark=general-client-upload \
passthrough=yes
add action=mark-packet chain=prerouting comment=\
"Rate Limiting - Upload - Guest" in-interface=v-bridge4-lan-guest \
new-packet-mark=general-client-upload passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip ipsec policy
set 0 disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.23.0/24 disabled=yes port=8080
set ssh disabled=yes
set www-ssl address=192.168.23.0/24
set api disabled=yes
set winbox address=192.168.23.0/24 port=8291
set api-ssl disabled=yes
/ip smb
set comment="" domain=CNOVA.INFO
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip traffic-flow
set cache-entries=1M
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1-lan type=internal
add interface=bridge2-wan type=external
add interface=v-bridge3-lan-utilities type=internal
add interface=v-bridge4-lan-guest type=internal
/ipv6 address
add disabled=yes eui-64=yes from-pool=isp-defaultv6 interface=bridge1-lan
add address=2001:7040:a:406e::2 advertise=no comment=\
"Hurricane Electric IPv6 Tunnel Broker Default Address" interface=sit1
add address=2001:7040:b:406e::24 comment=\
"Hurricane Electric IPv6 Tunnel Broker Client/64 Default Address" \
interface=bridge1-lan
add address=2001:7040:e9ac:59::59 comment=\
"Hurricane Electric IPv6 Tunnel Broker Client/48 Datacenter Address" \
interface=v-bridge6-lan-datacenter
add address=2001:7040:e9ac:24::24 comment=\
"Hurricane Electric IPv6 Tunnel Broker Client/48 Default Address" \
disabled=yes interface=bridge1-lan
/ipv6 dhcp-client
add add-default-route=yes interface=bridge2-wan pool-name=isp-defaultv6 \
prefix-hint=::/60 request=address,prefix
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=2001:7040:b:406e::/64 comment=\
"Hurricane Electric IPv6 Tunnel Broker Default/64 Address" list=\
v6-local-lan-all
add address=2001:7040:e9ac::/48 comment=\
"Hurricane Electric IPv6 Tunnel Broker Default/48 Address" list=\
v6-local-lan-all
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=input comment="defconf: drop bad_ipv6" \
connection-state="" src-address-list=bad_ipv6
add action=drop chain=input comment="defconf: drop bad_ipv6" \
connection-state="" dst-address-list=bad_ipv6
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/16
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=drop chain=forward comment=\
"Disable some lower port range for all IPv6 clients" dst-port=3389 \
protocol=tcp
add action=drop chain=forward comment=\
"Disable some lower port range for all IPv6 clients" dst-port=3389 \
protocol=udp
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment=\
"20200512 IPv6 NMAP FIN Stealth scan" protocol=tcp tcp-flags=\
fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="20200512 IPv6 SYN/FIN scan" \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="20200512 IPv6 SYN/RST scan" \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment=\
"20200512 IPv6 FIN/PSH/URG scan" protocol=tcp tcp-flags=\
fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="20200512 IPv6 ALL/ALL scan" \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment=\
"20200512 IPv6 NMAP NULL scan" protocol=tcp tcp-flags=\
!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="20200512 IPv6 dropping port scanners" \
src-address-list="port scanners"
add action=drop chain=forward comment=\
"Stop Datacenter from accessing Default" disabled=yes dst-address=\
2001:7040:b:406e::/64 in-interface=v-bridge6-lan-datacenter
/ipv6 firewall mangle
add action=mark-packet chain=prerouting comment=\
"Rate Limiting - Download - Default" in-interface=bridge2-wan \
new-packet-mark=general-client-download passthrough=yes
add action=mark-packet chain=prerouting comment=\
"Rate Limiting - Upload - Default" in-interface=bridge1-lan \
new-packet-mark=general-client-upload passthrough=yes
add action=mark-packet chain=prerouting comment=\
"Rate Limiting - Upload - Utilities" in-interface=v-bridge3-lan-utilities \
new-packet-mark=general-client-upload passthrough=yes
add action=mark-packet chain=prerouting comment=\
"Rate Limiting - Upload - Datacenter" in-interface=\
v-bridge6-lan-datacenter new-packet-mark=general-client-upload \
passthrough=yes
add action=mark-packet chain=prerouting comment=\
"Rate Limiting - Upload - Guest" in-interface=v-bridge4-lan-guest \
new-packet-mark=general-client-upload passthrough=yes
/ipv6 nd
set [ find default=yes ] disabled=yes
add interface=bridge1-lan managed-address-configuration=yes
add advertise-mac-address=no disabled=yes interface=v-bridge6-lan-datacenter \
managed-address-configuration=yes
/ipv6 nd prefix
add autonomous=no disabled=yes interface=bridge1-lan
/ipv6 route
add disabled=yes distance=1 gateway=sit1
add comment="Hurricane Electric IPv6 Tunnel Broker Static Route" distance=1 \
dst-address=2000::/3 gateway=2001:7040:a:406e::1
/special-login
add disabled=yes port=serial1 user=carlton
/system clock
set time-zone-name=America/Los_Angeles
/system console
set [ find port=serial1 ] disabled=yes port=serial1
/system identity
set name=rt4.cnova.info
/system ntp client
set enabled=yes primary-ntp=13.65.245.138 secondary-ntp=198.211.103.209
/system ntp server
set broadcast=yes enabled=yes multicast=yes
/system routerboard settings
set auto-upgrade=yes enter-setup-on=delete-key
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool mac-server ping
set enabled=no
There's a VLAN 14 that I was trying to use as the replacement for untagged, but it is not being used.