I have a C53UiG+5HPaxD2HPaxD device, currently on 7.17beta4 firmware. At some point after the next firmware update (I don't know for sure if it's related or not), it became impossible to detect the SSID of this router on the air. I've tried different firmware versions, resetting the device, different configuration methods, manual frequency setting - nothing works. For God's sake, please tell me, is it possible to do something to make wi-fi finally work? I gave the router to a hardware repair specialist, and he said that the router is fine. In Winbox, I see how the wi-fi interfaces are assigned with channels, but there is complete silence on the air, only other SSIDs are visible.
My current defconf config:
Code: Select all
# 2024-11-11 18:59:51 by RouterOS 7.17beta4
# software id = G1Q0-4165
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = H*********6
/interface bridge add admin-mac=48:A9:8A:80:75:BF ageing-time=5m arp=enabled arp-timeout=auto auto-mac=no comment=defconf dhcp-snooping=no disabled=no fast-forward=yes forward-delay=15s igmp-snooping=no max-learned-entries=auto max-message-age=20s mtu=auto mvrp=no name=bridge port-cost-mode=long priority=0x8000 protocol-mode=rstp transmit-hold-count=6 vlan-filtering=no
/interface ethernet set [ find default-name=ether1 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,2.5G-baseT arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1568 loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=48:A9:8A:80:75:BE mtu=1500 name=ether1 orig-mac-address=48:A9:8A:80:75:BE poe-out=auto-on poe-priority=10 power-cycle-interval=none !power-cycle-ping-address power-cycle-ping-enabled=no !power-cycle-ping-timeout rx-flow-control=off tx-flow-control=off
/interface ethernet set [ find default-name=ether2 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1568 loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=48:A9:8A:80:75:BF mtu=1500 name=ether2 orig-mac-address=48:A9:8A:80:75:BF rx-flow-control=off tx-flow-control=off
/interface ethernet set [ find default-name=ether3 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1568 loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=48:A9:8A:80:75:C0 mtu=1500 name=ether3 orig-mac-address=48:A9:8A:80:75:C0 rx-flow-control=off tx-flow-control=off
/interface ethernet set [ find default-name=ether4 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1568 loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=48:A9:8A:80:75:C1 mtu=1500 name=ether4 orig-mac-address=48:A9:8A:80:75:C1 rx-flow-control=off tx-flow-control=off
/interface ethernet set [ find default-name=ether5 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1568 loop-protect=default loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=48:A9:8A:80:75:C2 mtu=1500 name=ether5 orig-mac-address=48:A9:8A:80:75:C2 rx-flow-control=off tx-flow-control=off
/interface wifi set [ find default-name=wifi1 ] arp-timeout=auto channel.band=5ghz-ac .frequency=5240 .skip-dfs-channels=all .width=20/40mhz configuration.country=Russia .mode=ap .ssid=MikroTik-8075C3 disabled=no l2mtu=1560 mac-address=48:A9:8A:80:75:C3 name=wifi1 radio-mac=48:A9:8A:80:75:C3 security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
/interface wifi set [ find default-name=wifi2 ] arp-timeout=auto channel.band=2ghz-n .skip-dfs-channels=all .width=20mhz configuration.chains="" .country=Russia .mode=ap .ssid=MikroTik-8075C3 .tx-power=0 disabled=no l2mtu=1560 mac-address=48:A9:8A:80:75:C4 name=wifi2 radio-mac=48:A9:8A:80:75:C4 security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
/queue interface set bridge queue=no-queue
/interface ethernet switch set 0 !cpu-flow-control mirror-source=none mirror-target=none name=switch1
/interface ethernet switch port set 0 default-vlan-id=0
/interface ethernet switch port set 1 default-vlan-id=0
/interface ethernet switch port set 2 default-vlan-id=0
/interface ethernet switch port set 3 default-vlan-id=0
/interface ethernet switch port set 4 default-vlan-id=0
/interface ethernet switch port set 5 default-vlan-id=0
/interface ethernet switch port-isolation set 0 !forwarding-override
/interface ethernet switch port-isolation set 1 !forwarding-override
/interface ethernet switch port-isolation set 2 !forwarding-override
/interface ethernet switch port-isolation set 3 !forwarding-override
/interface ethernet switch port-isolation set 4 !forwarding-override
/interface ethernet switch port-isolation set 5 !forwarding-override
/interface list set [ find name=all ] comment="contains all interfaces" exclude="" include="" name=all
/interface list set [ find name=none ] comment="contains no interfaces" exclude="" include="" name=none
/interface list set [ find name=dynamic ] comment="contains dynamic interfaces" exclude="" include="" name=dynamic
/interface list set [ find name=static ] comment="contains static interfaces" exclude="" include="" name=static
/interface list add comment=defconf exclude="" include="" name=WAN
/interface list add comment=defconf exclude="" include="" name=LAN
/interface lte apn set [ find default=yes ] add-default-route=yes apn=internet authentication=none default-route-distance=2 ip-type=auto name=default use-network-apn=yes use-peer-dns=yes
/interface macsec profile set [ find default-name=default ] name=default server-priority=10
/ip dhcp-client option set clientid_duid code=61 name=clientid_duid value="0xff\$(CLIENT_DUID)"
/ip dhcp-client option set clientid code=61 name=clientid value="0x01\$(CLIENT_MAC)"
/ip dhcp-client option set hostname code=12 name=hostname value="\$(HOSTNAME)"
/ip hotspot profile set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot html-directory-override="" http-cookie-lifetime=3d http-proxy=0.0.0.0:0 install-hotspot-queue=no login-by=cookie,http-chap name=default smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile set [ find default=yes ] add-mac-cookie=yes address-list="" idle-timeout=none !insert-queue-before keepalive-timeout=2m mac-cookie-timeout=3d name=default !parent-queue !queue-type shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip ipsec mode-config set [ find default=yes ] name=request-only responder=no use-responder-dns=exclusively
/ip ipsec policy group set [ find default=yes ] name=default
/ip ipsec profile set [ find default=yes ] dh-group=modp2048,modp1024 dpd-interval=8s dpd-maximum-failures=4 enc-algorithm=aes-128,3des hash-algorithm=sha1 lifetime=1d name=default nat-traversal=yes proposal-check=obey
/ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m name=default pfs-group=modp1024
/ip pool add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server add address-lists="" address-pool=default-dhcp disabled=no interface=bridge lease-script="" lease-time=30m name=defconf use-radius=no
/ip smb users set [ find default=yes ] disabled=no name=guest read-only=yes
/ppp profile set *0 address-list="" !bridge !bridge-horizon bridge-learning=default !bridge-path-cost !bridge-port-priority !bridge-port-vid change-tcp-mss=yes !dns-server !idle-timeout !incoming-filter !insert-queue-before !interface-list !local-address name=default on-down="" on-up="" only-one=default !outgoing-filter !parent-queue !queue-type !rate-limit !remote-address !session-timeout use-compression=default use-encryption=default use-ipv6=yes use-mpls=default use-upnp=default !wins-server
/ppp profile set *FFFFFFFE address-list="" !bridge !bridge-horizon bridge-learning=default !bridge-path-cost !bridge-port-priority !bridge-port-vid change-tcp-mss=yes !dns-server !idle-timeout !incoming-filter !insert-queue-before !interface-list !local-address name=default-encryption on-down="" on-up="" only-one=default !outgoing-filter !parent-queue !queue-type !rate-limit !remote-address !session-timeout use-compression=default use-encryption=yes use-ipv6=yes use-mpls=default use-upnp=default !wins-server
/queue type set 0 kind=pfifo name=default pfifo-limit=50
/queue type set 1 kind=pfifo name=ethernet-default pfifo-limit=50
/queue type set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
/queue type set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
/queue type set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
/queue type set 5 kind=pcq name=pcq-upload-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
/queue type set 6 kind=pcq name=pcq-download-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
/queue type set 7 kind=none name=only-hardware-queue
/queue type set 8 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
/queue type set 9 kind=pfifo name=default-small pfifo-limit=10
/queue interface set ether1 queue=only-hardware-queue
/queue interface set ether2 queue=only-hardware-queue
/queue interface set ether3 queue=only-hardware-queue
/queue interface set ether4 queue=only-hardware-queue
/queue interface set ether5 queue=only-hardware-queue
/queue interface set wifi1 queue=wireless-default
/queue interface set wifi2 queue=wireless-default
/routing bgp template set default as=65530 name=default
/snmp community set [ find default=yes ] addresses=::/0 authentication-protocol=MD5 disabled=no encryption-protocol=DES name=public read-access=yes security=none write-access=no
/system logging action set 0 memory-lines=1000 memory-stop-on-full=no name=memory target=memory
/system logging action set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=1000 disk-stop-on-full=no name=disk target=disk
/system logging action set 2 name=echo remember=yes target=echo
/system logging action set 3 bsd-syslog=no name=remote remote=0.0.0.0 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto syslog-time-format=bsd-syslog target=remote
/user group set read name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,rest-api,!ftp,!write,!policy skin=default
/user group set write name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,sensitive,api,romon,rest-api,!ftp,!policy skin=default
/user group set full name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,rest-api skin=default
/certificate settings set crl-download=no crl-store=ram crl-use=no
/console settings set sanitize-names=no
/disk settings set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes auto-smb-user=guest default-mount-point-template="[slot]"
/ip smb set comment=MikrotikSMB domain=MSHOME enabled=auto interfaces=all
/interface bridge port add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=ether2 !internal-path-cost learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant mvrp-registrar-state=normal !path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=ether3 !internal-path-cost learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant mvrp-registrar-state=normal !path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=ether4 !internal-path-cost learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant mvrp-registrar-state=normal !path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=ether5 !internal-path-cost learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant mvrp-registrar-state=normal !path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none ingress-filtering=yes interface=wifi1 !internal-path-cost learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant mvrp-registrar-state=normal !path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none ingress-filtering=yes interface=wifi2 !internal-path-cost learn=auto multicast-router=temporary-query mvrp-applicant-state=normal-participant mvrp-registrar-state=normal !path-cost point-to-point=auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port-controller
# disabled
set bridge=none cascade-ports="" switch=none
/interface bridge port-extender
# disabled
set control-ports="" excluded-ports="" switch=none
/interface bridge settings set allow-fast-path=yes use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/ip firewall connection tracking set enabled=auto generic-timeout=10m icmp-timeout=10s loose-tcp-tracking=yes tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-max-retrans-timeout=5m tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-time-wait-timeout=10s tcp-unacked-timeout=5m udp-stream-timeout=3m udp-timeout=30s
/ip neighbor discovery-settings set discover-interface-list=LAN discover-interval=30s lldp-mac-phy-config=no lldp-max-frame-size=no lldp-med-net-policy-vlan=disabled lldp-poe-power=yes lldp-vlan-info=no mode=tx-and-rx protocol=cdp,lldp,mndp
/ip settings set accept-redirects=no accept-source-route=no allow-fast-path=yes arp-timeout=30s icmp-errors-use-inbound-interface-address=no icmp-rate-limit=10 icmp-rate-mask=0x1818 ip-forward=yes ipv4-multipath-hash-policy=l3 max-neighbor-entries=16384 rp-filter=no secure-redirects=yes send-redirects=yes tcp-syncookies=no tcp-timestamps=random-offset
/ipv6 settings set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=yes-if-forwarding-disabled disable-ipv6=no forward=yes max-neighbor-entries=15360 min-neighbor-entries=3840 multipath-hash-policy=l3 soft-max-neighbor-entries=7680 stale-neighbor-detect-interval=30 stale-neighbor-timeout=60
/interface detect-internet set detect-interface-list=none internet-interface-list=none lan-interface-list=none wan-interface-list=none
/interface l2tp-server server set accept-proto-version=all accept-pseudowire-type=all allow-fast-path=no authentication=pap,chap,mschap1,mschap2 caller-id-type=ip-address default-profile=default-encryption enabled=no keepalive-timeout=30 l2tpv3-circuit-id="" l2tpv3-cookie-length=0 l2tpv3-digest-hash=md5 !l2tpv3-ether-interface-list max-mru=1450 max-mtu=1450 max-sessions=unlimited mrru=disabled one-session-per-host=no use-ipsec=no
/interface list member add comment=defconf disabled=no interface=bridge list=LAN
/interface list member add comment=defconf disabled=no interface=ether1 list=WAN
/interface lte settings set firmware-path=firmware mode=auto
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1450 max-mtu=1450 mrru=disabled
/interface sstp-server server set authentication=pap,chap,mschap1,mschap2 certificate=none ciphers=aes256-sha,aes256-gcm-sha384 default-profile=default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=disabled pfs=no port=443 tls-version=any verify-client-certificate=no
/interface wifi cap set enabled=no
/interface wifi capsman set enabled=no
/ip address add address=192.168.88.1/24 comment=defconf disabled=no interface=bridge network=192.168.88.0
/ip cloud set back-to-home-vpn=revoked-and-disabled ddns-enabled=auto ddns-update-interval=none update-time=yes
/ip cloud advanced set use-local-address=no
/ip dhcp-client add add-default-route=yes comment=defconf default-route-distance=1 dhcp-options=hostname,clientid disabled=no interface=ether1 use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config set accounting=yes interim-update=0s radius-password=empty store-leases-disk=5m
/ip dhcp-server network add address=192.168.88.0/24 caps-manager="" comment=defconf dhcp-option="" dns-server=192.168.88.1 gateway=192.168.88.1 !next-server ntp-server="" wins-server=""
/ip dns set address-list-extra-time=0s allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB doh-max-concurrent-queries=50 doh-max-server-connections=5 doh-timeout=5s max-concurrent-queries=100 max-concurrent-tcp-sessions=20 max-udp-packet-size=4096 mdns-repeat-ifaces="" query-server-timeout=2s query-total-timeout=10s servers="" use-doh-server="" verify-doh-cert=no vrf=main
/ip dns static add address=192.168.88.1 comment=defconf disabled=no name=router.lan ttl=1d type=A
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
/ip firewall filter add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
/ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
/ip firewall filter add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
/ip firewall filter add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN !to-addresses !to-ports
/ip firewall service-port set ftp disabled=no ports=21
/ip firewall service-port set tftp disabled=no ports=69
/ip firewall service-port set irc disabled=yes ports=6667
/ip firewall service-port set h323 disabled=no
/ip firewall service-port set sip disabled=no ports=5060,5061 sip-direct-media=yes sip-timeout=1h
/ip firewall service-port set pptp disabled=no
/ip firewall service-port set rtsp disabled=yes ports=554
/ip firewall service-port set udplite disabled=no
/ip firewall service-port set dccp disabled=no
/ip firewall service-port set sctp disabled=no
/ip hotspot service-port set ftp disabled=no ports=21
/ip hotspot user set [ find default=yes ] comment="counters and limits for trial users" disabled=no name=default-trial
/ip ipsec policy set 0 disabled=no dst-address=::/0 group=default proposal=default protocol=all src-address=::/0 template=yes
/ip ipsec settings set accounting=yes interim-update=0s xauth-use-radius=no
/ip media settings set thumbnails=""
/ip nat-pmp set enabled=no
/ip proxy set always-from-cache=no anonymous=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no cache-path=web-proxy enabled=no max-cache-object-size=2048KiB max-cache-size=unlimited max-client-connections=600 max-fresh-time=3d max-server-connections=600 parent-proxy=:: parent-proxy-port=0 port=8080 serialize-connections=no src-address=::
/ip service set telnet address="" disabled=no max-sessions=20 port=23 vrf=main
/ip service set ftp address="" disabled=no max-sessions=20 port=21
/ip service set www address="" disabled=no max-sessions=20 port=80 vrf=main
/ip service set ssh address="" disabled=no max-sessions=20 port=22 vrf=main
/ip service set www-ssl address="" certificate=none disabled=yes max-sessions=20 port=443 tls-version=any vrf=main
/ip service set api address="" disabled=no max-sessions=20 port=8728 vrf=main
/ip service set winbox address="" disabled=no max-sessions=20 port=8291 vrf=main
/ip service set api-ssl address="" certificate=none disabled=no max-sessions=20 port=8729 tls-version=any vrf=main
/ip smb shares set [ find default=yes ] directory=pub disabled=yes invalid-users="" name=pub read-only=no require-encryption=no valid-users=""
/ip socks set auth-method=none connection-idle-timeout=2m enabled=no max-connections=200 port=1080 version=4 vrf=main
/ip ssh set always-allow-password-login=no ciphers=auto forwarding-enabled=no host-key-size=2048 host-key-type=rsa strong-crypto=no
/ip tftp settings set max-block-size=4096
/ip traffic-flow set active-flow-timeout=30m cache-entries=256k enabled=no inactive-flow-timeout=15s interfaces=all packet-sampling=no sampling-interval=0 sampling-space=0
/ip traffic-flow ipfix set bytes=yes dst-address=yes dst-address-mask=yes dst-mac-address=yes dst-port=yes first-forwarded=yes gateway=yes icmp-code=yes icmp-type=yes igmp-type=yes in-interface=yes ip-header-length=yes ip-total-length=yes ipv6-flow-label=yes is-multicast=yes last-forwarded=yes nat-dst-address=yes nat-dst-port=yes nat-events=no nat-src-address=yes nat-src-port=yes out-interface=yes packets=yes protocol=yes src-address=yes src-address-mask=yes src-mac-address=yes src-port=yes sys-init-time=yes tcp-ack-num=yes tcp-flags=yes tcp-seq-num=yes tcp-window-size=yes tos=yes ttl=yes udp-length=yes
/ip upnp set allow-disable-external-interface=no enabled=no show-dummy-rule=yes
/ipv6 firewall address-list add address=::/128 comment="defconf: unspecified address" disabled=no dynamic=no list=bad_ipv6
/ipv6 firewall address-list add address=::1/128 comment="defconf: lo" disabled=no dynamic=no list=bad_ipv6
/ipv6 firewall address-list add address=fec0::/10 comment="defconf: site-local" disabled=no dynamic=no list=bad_ipv6
/ipv6 firewall address-list add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" disabled=no dynamic=no list=bad_ipv6
/ipv6 firewall address-list add address=::/96 comment="defconf: ipv4 compat" disabled=no dynamic=no list=bad_ipv6
/ipv6 firewall address-list add address=100::/64 comment="defconf: discard only " disabled=no dynamic=no list=bad_ipv6
/ipv6 firewall address-list add address=2001:db8::/32 comment="defconf: documentation" disabled=no dynamic=no list=bad_ipv6
/ipv6 firewall address-list add address=2001:10::/28 comment="defconf: ORCHID" disabled=no dynamic=no list=bad_ipv6
/ipv6 firewall address-list add address=3ffe::/16 comment="defconf: 6bone" disabled=no dynamic=no list=bad_ipv6
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ipv6 firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
/ipv6 firewall filter add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
/ipv6 firewall filter add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept HIP" protocol=139
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 nd set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes disabled=no hop-limit=unspecified interface=all managed-address-configuration=no mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m ra-preference=medium reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/mpls settings set allow-fast-path=yes dynamic-label-range=16-1048575 propagate-ttl=yes
/ppp aaa set accounting=yes enable-ipv6-accounting=no interim-update=0s use-circuit-id-in-nas-port-id=no use-radius=no
/radius incoming set accept=no port=3799 vrf=main
/routing igmp-proxy set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing settings set single-process=no
/snmp set contact="" enabled=no engine-id-suffix="" location="" src-address=:: trap-community=public trap-generators=temp-exception trap-target="" trap-version=1 vrf=main
/system clock set time-zone-autodetect=yes time-zone-name=manual
/system clock manual set dst-delta=+00:00 dst-end="1970-01-01 00:00:00" dst-start="1970-01-01 00:00:00" time-zone=+00:00
/system health settings set cpu-overtemp-check=no cpu-overtemp-startup-delay=1m cpu-overtemp-threshold=105C
/system identity set name=MikroTik
/system leds set 0 disabled=no leds=poe-led type=poe-out
/system leds set 1 disabled=no interface=ether1 leds=led1 type=interface-activity
/system leds set 2 disabled=no interface=ether2 leds=led2 type=interface-activity
/system leds set 3 disabled=no interface=ether3 leds=led3 type=interface-activity
/system leds set 4 disabled=no interface=ether4 leds=led4 type=interface-activity
/system leds set 5 disabled=no interface=ether5 leds=led5 type=interface-activity
/system leds settings set all-leds-off=never
/system logging set 0 action=memory disabled=no prefix="" regex="" topics=info
/system logging set 1 action=memory disabled=no prefix="" regex="" topics=error
/system logging set 2 action=memory disabled=no prefix="" regex="" topics=warning
/system logging set 3 action=echo disabled=no prefix="" regex="" topics=critical
/system note set note="" show-at-cli-login=no show-at-login=no
/system ntp client set enabled=no mode=unicast servers="" vrf=main
/system ntp server set auth-key=none broadcast=no broadcast-addresses="" enabled=no local-clock-stratum=5 manycast=no multicast=no use-local-clock=no vrf=main
/system package local-update mirror set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=""
/system resource irq set 0 cpu=auto
/system resource irq set 1 cpu=auto
/system resource irq set 2 cpu=auto
/system resource irq set 3 cpu=auto
/system resource irq set 4 cpu=auto
/system resource irq set 5 cpu=auto
/system resource irq set 6 cpu=auto
/system resource irq set 7 cpu=auto
/system resource irq set 8 cpu=auto
/system resource irq set 9 cpu=auto
/system resource irq set 10 cpu=auto
/system resource irq set 11 cpu=auto
/system resource irq set 12 cpu=auto
/system resource irq set 13 cpu=auto
/system resource irq set 14 cpu=auto
/system resource irq set 15 cpu=auto
/system resource irq set 16 cpu=auto
/system resource irq set 17 cpu=auto
/system resource irq set 18 cpu=auto
/system resource irq set 19 cpu=auto
/system resource irq set 20 cpu=auto
/system resource irq set 21 cpu=auto
/system resource irq set 22 cpu=auto
/system resource irq set 23 cpu=auto
/system resource irq set 24 cpu=auto
/system resource irq set 25 cpu=auto
/system resource irq set 26 cpu=auto
/system resource irq set 27 cpu=auto
/system resource irq set 28 cpu=auto
/system resource irq set 29 cpu=auto
/system resource irq set 30 cpu=auto
/system resource irq set 31 cpu=auto
/system resource irq set 32 cpu=auto
/system resource irq set 33 cpu=auto
/system resource irq set 34 cpu=auto
/system resource irq set 35 cpu=auto
/system resource irq set 36 cpu=auto
/system resource irq set 37 cpu=auto
/system resource irq set 38 cpu=auto
/system resource irq set 39 cpu=auto
/system resource irq set 40 cpu=auto
/system resource irq set 41 cpu=auto
/system resource irq set 42 cpu=auto
/system resource irq set 43 cpu=auto
/system resource irq set 44 cpu=auto
/system resource irq set 45 cpu=auto
/system resource irq set 46 cpu=auto
/system resource irq set 47 cpu=auto
/system resource irq set 48 cpu=auto
/system resource irq rps set ether1 disabled=yes
/system resource irq rps set ether2 disabled=yes
/system resource irq rps set ether3 disabled=yes
/system resource irq rps set ether4 disabled=yes
/system resource irq rps set ether5 disabled=yes
/system resource usb settings set authorization=no
/system routerboard mode-button set enabled=yes hold-time=0s..1m on-event=dark-mode
/system routerboard reset-button set enabled=no hold-time=0s..1m on-event=""
/system routerboard settings set auto-upgrade=no boot-device=nand-if-fail-then-ethernet boot-protocol=bootp force-backup-booter=no preboot-etherboot=disabled preboot-etherboot-server=any protected-routerboot=disabled reformat-hold-button=20s reformat-hold-button-max=10m silent-boot=no
/system routerboard wps-button set enabled=yes hold-time=0s..1m on-event=wps-accept
/system script add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
\n :if ([system leds settings get all-leds-off] = \"never\") do={\r\
\n /system leds settings set all-leds-off=immediate \r\
\n } else={\r\
\n /system leds settings set all-leds-off=never \r\
\n }\r\
\n "
/system script add comment=defconf dont-require-permissions=no name=wps-accept owner=*sys policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
\n :foreach iface in=[/interface/wifi find where (configuration.mode=\"ap\" && disabled=no)] do={\r\
\n /interface/wifi wps-push-button \$iface;}\r\
\n "
/system watchdog set auto-send-supout=no automatic-supout=yes ping-start-after-boot=5m ping-timeout=1m watch-address=none watchdog-timer=yes
/tool bandwidth-server set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=100
/tool e-mail set from=<> port=25 server=0.0.0.0 tls=no user="" vrf=main
/tool graphing set page-refresh=300 store-every=5min
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN
/tool mac-server ping set enabled=yes
/tool romon set enabled=no id=00:00:00:00:00:00
/tool romon port set [ find default=yes ] cost=100 disabled=no forbid=no interface=all
/tool sms set allowed-number="" channel=0 polling=no port=none receive-enabled=no sms-storage=sim
/tool sniffer set file-limit=1000KiB file-name="" filter-cpu="" filter-direction=any filter-dst-ip-address="" filter-dst-ipv6-address="" filter-dst-mac-address="" filter-dst-port="" filter-interface="" filter-ip-address="" filter-ip-protocol="" filter-ipv6-address="" filter-mac-address="" filter-mac-protocol="" filter-operator-between-entries=or filter-port="" filter-size="" filter-src-ip-address="" filter-src-ipv6-address="" filter-src-mac-address="" filter-src-port="" filter-stream=no filter-vlan="" memory-limit=100KiB memory-scroll=yes only-headers=no quick-rows=20 quick-show-frame=no streaming-enabled=no streaming-server=0.0.0.0:37008
/tool traffic-generator set latency-distribution-max=100us measure-out-of-order=no stats-samples-to-keep=100 test-id=0
/user aaa set accounting=yes default-group=read exclude-groups="" interim-update=0s use-radius=no
/user settings set minimum-categories=0 minimum-password-length=0