Community discussions

MikroTik App
 
User avatar
Sahafi2001
newbie
Topic Author
Posts: 41
Joined: Mon Apr 12, 2021 3:22 pm
Contact:

Are the settings of the Vlan for the 1100AHx4 router correct and what are the correct settings?

Wed Oct 20, 2021 10:49 pm

We use hotspot for users and we broadcast the Internet through ubnt devices, but after the latest updates we face several problems
# oct/20/2021 22:15:35 by RouterOS 6.48.5
RB1100AHx4 Dude Edition
/interface bridge
add admin-mac=00:00:00:00:00:01 auto-mac=no dhcp-snooping=yes name=OUT
/interface ethernet
set [ find default-name=ether2 ] name=LAN
set [ find default-name=ether1 ] name=WAN
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
set [ find default-name=ether11 ] disabled=yes
set [ find default-name=ether12 ] disabled=yes
set [ find default-name=ether13 ] disabled=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=WAN name=4Mbps user=123456
/interface vlan
add interface=OUT name=AP-1 vlan-id=176
add interface=OUT name=AP-2 vlan-id=178
add interface=OUT name=AP-3 vlan-id=179
add interface=OUT name=AP-4 vlan-id=180
add interface=OUT name=AP-5 vlan-id=182
add interface=OUT name=AP-6 vlan-id=183
add interface=OUT name=AP-7 vlan-id=184
add interface=OUT name=AP-8 vlan-id=185
add interface=OUT name=AP-9 vlan-id=186
add interface=OUT name=AP-10 vlan-id=187
add interface=OUT name=APH2 vlan-id=203
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 13 default-vlan-id=0
/interface list
add name=Out-List
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=EXE regexp="\\x4d\\x5a(\\x90\\x03|\\x50\\x02)\\x04"
add name=ZIP regexp="pk\\x03\\x04\\x14"
add name=MP4 regexp="\\x18\\x66\\x74\\x79\\x70"
add name=RAR regexp="Rar\\x21\\x1a\\x07"
add name=youtube regexp="r[0-9]+---[a-z]+-+[a-z0-9-]+\\.googlevideo\\.com"
add name=AKfreedom regexp="^.+(1yf.de|2yf.de|53r.de|93.ye|YF.de|8u6.de|f.de|fe\
    r.net|resolution.de|freedom.net|your-freedom|your-freedom.de|www.your-free\
    dom.de|www.your-freedom.net)"
/ip hotspot profile
set [ find default=yes ] html-directory=Yemen login-by=\
    cookie,http-chap,http-pap,mac-cookie use-radius=yes
add hotspot-address=172.16.0.1 html-directory=Yemen login-by=\
    http-chap,http-pap,mac-cookie name=Hotspot
/ip pool
add name=OUT ranges=10.76.1.2-10.76.255.254
add name=AP-1 ranges=172.16.1.10-172.16.1.254
add name=AP-2 ranges=172.16.2.10-172.16.2.254
add name=AP-3 ranges=172.16.3.10-172.16.3.254
add name=AP-4 ranges=172.16.4.10-172.16.4.254
add name=AP-5 ranges=172.16.5.10-172.16.5.254
add name=AP-6 ranges=172.16.6.10-172.16.6.254
add name=AP-7 ranges=172.16.7.2-172.16.7.254
add name=AP-8 ranges=172.16.8.2-172.16.8.254
add name=AP-9 ranges=172.16.9.2-172.16.9.254
add name=AP-10 ranges=172.16.10.2-172.16.10.254
add name=APH2 ranges=172.16.52.2-172.16.52.254
/ip dhcp-server
add add-arp=yes address-pool=OUT disabled=no interface=OUT lease-time=3h \
    name=OUT
add add-arp=yes address-pool=AP-1 disabled=no interface=AP-1 lease-time=3h \
    name=AP-1
add add-arp=yes address-pool=AP-2 disabled=no interface=AP-2 lease-time=3h \
    name=AP-2
add add-arp=yes address-pool=AP-3 disabled=no interface=AP-3 lease-time=3h \
    name=AP-3
add add-arp=yes address-pool=AP-4 disabled=no interface=AP-4 lease-time=3h \
    name=AP-4
add add-arp=yes address-pool=AP-5 disabled=no interface=AP-5 lease-time=3h \
    name=AP-5
add add-arp=yes address-pool=AP-6 disabled=no interface=AP-6 lease-time=3h \
    name=AP-6
add add-arp=yes address-pool=AP-7 disabled=no interface=AP-7 lease-time=3h \
    name=AP-7
add add-arp=yes address-pool=AP-8 disabled=no interface=AP-8 lease-time=3h \
    name=AP-8
add add-arp=yes address-pool=AP-9 disabled=no interface=AP-9 lease-time=3h \
    name=AP-9
add add-arp=yes address-pool=AP-10 disabled=no interface=AP-10 lease-time=3h \
    name=AP-10
add add-arp=yes address-pool=APH2 disabled=no interface=APH2 lease-time=3h \
    name=APH2
/ip hotspot
add address-pool=OUT addresses-per-mac=unlimited disabled=no idle-timeout=2m \
    interface=OUT keepalive-timeout=3m login-timeout=5m name="Yemen Home" \
    profile=Hotspot
add address-pool=AP-1 addresses-per-mac=unlimited disabled=no idle-timeout=2m \
    interface=AP-1 keepalive-timeout=3m login-timeout=5m name="Yemen 1" \
    profile=Hotspot
add address-pool=AP-2 addresses-per-mac=unlimited disabled=no idle-timeout=2m \
    interface=AP-2 keepalive-timeout=3m login-timeout=5m name="Yemen 2" \
    profile=Hotspot
add address-pool=AP-3 addresses-per-mac=unlimited disabled=no idle-timeout=2m \
    interface=AP-3 keepalive-timeout=3m login-timeout=5m name="Yemen 3" \
    profile=Hotspot
add address-pool=AP-4 addresses-per-mac=unlimited disabled=no idle-timeout=2m \
    interface=AP-4 keepalive-timeout=3m login-timeout=5m name="Yemen 4" \
    profile=Hotspot
add address-pool=AP-5 addresses-per-mac=unlimited disabled=no idle-timeout=2m \
    interface=AP-5 keepalive-timeout=3m login-timeout=5m name="Yemen 5" \
    profile=Hotspot
add address-pool=AP-6 addresses-per-mac=unlimited disabled=no idle-timeout=2m \
    interface=AP-6 keepalive-timeout=3m login-timeout=5m name="Yemen 6" \
    profile=Hotspot
add address-pool=AP-7 addresses-per-mac=unlimited disabled=no idle-timeout=2m \
    interface=AP-7 keepalive-timeout=3m login-timeout=5m name="Yemen 7" \
    profile=Hotspot
add address-pool=AP-8 addresses-per-mac=unlimited disabled=no idle-timeout=2m \
    interface=AP-8 keepalive-timeout=3m login-timeout=5m name="Yemen 8" \
    profile=Hotspot
add address-pool=AP-9 addresses-per-mac=unlimited disabled=no idle-timeout=2m \
    interface=AP-9 keepalive-timeout=3m login-timeout=5m name="Yemen 9" \
    profile=Hotspot
add address-pool=AP-10 addresses-per-mac=unlimited disabled=no idle-timeout=\
    2m interface=AP-10 keepalive-timeout=3m login-timeout=5m name=\
    "Yemen 10" profile=Hotspot
add address-pool=APH2 addresses-per-mac=unlimited disabled=no idle-timeout=2m \
    interface=APH2 keepalive-timeout=3m login-timeout=5m name="Yemen H2" \
    profile=Hotspot
/queue simple
add comment=Center-Point name=Others queue=hotspot-default/hotspot-default \
    target=1.1.1.1/32
add comment=Center-Point name=82.114.160.46 queue=\
    hotspot-default/hotspot-default target=82.114.160.46/32
add comment=Center-Point name=82.114.160.45 queue=\
    hotspot-default/hotspot-default target=82.114.160.45/32
add comment=Center-Point name=8.8.4.4 queue=hotspot-default/hotspot-default \
    target=8.8.4.4/32
add comment=Center-Point name=8.8.8.8 queue=hotspot-default/hotspot-default \
    target=8.8.8.8/32
/ip hotspot user profile
set [ find default=yes ] insert-queue-before=Others keepalive-timeout=3m \
    on-login="{:local factoryTime  [:pick [/system clock get date] 7 30];:if (\
    \$factoryTime >= 2015) do={:local Systemdate [ /system clock get date ];:l\
    ocal systemTime [ /system clock get time];:local LimitUptime [ /ip hotspot\
    \_user get \$user limit-uptime ];:local limitBytesTotal [ /ip hotspot user\
    \_get \$user limit-bytes-total];:local username [ /ip hotspot user get \$u\
    ser name];:local PrintDate;:local PrintTime;:local IsFirstUse;:local Mac 0\
    0:00:00:00:00:00;:local  content [ /ip hotspot user get \$user comment ];:\
    if ([:len \$LimitUptime] = 0)  do={:set LimitUptime unlimited};  :if ([:le\
    n \$limitBytesTotal] = 0)    do={:set limitBytesTotal unlimited};:local Is\
    comment [ :find \$content \"#\" ];:if ( \$Iscomment >= 0 ) do={:local pos1\
    \_[:find \$content \"#\"];:local pos3 [:len \$content];:local pos2 ([:find\
    \_[:pick \$content (\$pos1+1) \$pos3] \"%\"]+\$pos1+1);:set PrintDate  [:p\
    ick \$content 0 (\$pos1)];:set PrintTime  [:pick \$content (\$pos1+1) \$po\
    s2];:set IsFirstUse [:pick \$content (\$pos2+1) (\$pos3)];:if (\$IsFirstUs\
    e = true) do={:set Mac [/ip hotspot active get [find user=\$username] mac-\
    address];};[/ip hotspot user set \$user mac-address=\$Mac comment=(\$Syste\
    mdate . \"!\" . \$systemTime . \"%\" . \$PrintDate . \"!\" . \$PrintTime .\
    \_\"^\" . \$Systemdate . \"!\" . \$systemTime . \"*\" . \$limitBytesTotal \
    . \"&\" . \$LimitUptime)];};};};\
    \n\
    \n" on-logout=" {:local content [ /ip hotspot user get \$user comment ];:l\
    ocal Uuptime [ /ip hotspot user get \$user uptime];:local LimitUptime [ /i\
    p hotspot user get \$user limit-uptime ];:local limitBytesTotal [ /ip hots\
    pot user get \$user limit-bytes-total];:local bytesOut [ /ip hotspot user \
    get \$user bytes-out];:local IscommentAnd [ :find \$content \"&\" ];:local\
    \_IscommentStar [ :find \$content \"*\" ];:if ( \$IscommentAnd >= 0 && \$I\
    scommentStar >=0) do={:local pos1 [:find \$content \"*\"];:local pos2 [:le\
    n \$content];:local comment [:pick \$content 0 (\$pos1) ]; :local Timeleft\
    ;:local Sizletf;:if ([:len \$LimitUptime] = 0)   do={ :set Timeleft unlimi\
    ted};:if ([:len \$LimitUptime] != 0)   do={  :set Timeleft (\$LimitUptime \
    - \$Uuptime);};:if ([:len \$limitBytesTotal] = 0)    do={ :set Sizletf unl\
    imited};:if ([:len \$limitBytesTotal] != 0)    do={:set Sizletf (\$limitBy\
    tesTotal - \$bytesOut);};[/ip  hotspot user set \$user comment=(\$comment \
    . \"*\" . \$Sizletf . \"&\" . \$Timeleft)];};}; \
    \n\
    \n" rate-limit=400k/1500k
add insert-queue-before=Others keepalive-timeout=3m name=100 on-login="{:local\
    \_factoryTime  [:pick [/system clock get date] 7 30];:if (\$factoryTime >=\
    \_2015) do={:local Systemdate [ /system clock get date ];:local systemTime\
    \_[ /system clock get time];:local LimitUptime [ /ip hotspot user get \$us\
    er limit-uptime ];:local limitBytesTotal [ /ip hotspot user get \$user lim\
    it-bytes-total];:local username [ /ip hotspot user get \$user name];:local\
    \_PrintDate;:local PrintTime;:local IsFirstUse;:local Mac 00:00:00:00:00:0\
    0;:local  content [ /ip hotspot user get \$user comment ];:if ([:len \$Lim\
    itUptime] = 0)  do={:set LimitUptime unlimited};  :if ([:len \$limitBytesT\
    otal] = 0)    do={:set limitBytesTotal unlimited};:local Iscomment [ :find\
    \_\$content \"#\" ];:if ( \$Iscomment >= 0 ) do={:local pos1 [:find \$cont\
    ent \"#\"];:local pos3 [:len \$content];:local pos2 ([:find [:pick \$conte\
    nt (\$pos1+1) \$pos3] \"%\"]+\$pos1+1);:set PrintDate  [:pick \$content 0 \
    (\$pos1)];:set PrintTime  [:pick \$content (\$pos1+1) \$pos2];:set IsFirst\
    Use [:pick \$content (\$pos2+1) (\$pos3)];:if (\$IsFirstUse = true) do={:s\
    et Mac [/ip hotspot active get [find user=\$username] mac-address];};[/ip \
    hotspot user set \$user mac-address=\$Mac comment=(\$Systemdate . \"!\" . \
    \$systemTime . \"%\" . \$PrintDate . \"!\" . \$PrintTime . \"^\" . \$Syste\
    mdate . \"!\" . \$systemTime . \"*\" . \$limitBytesTotal . \"&\" . \$Limit\
    Uptime)];};};};\
    \n\
    \n" on-logout=" {:local content [ /ip hotspot user get \$user comment ];:l\
    ocal Uuptime [ /ip hotspot user get \$user uptime];:local LimitUptime [ /i\
    p hotspot user get \$user limit-uptime ];:local limitBytesTotal [ /ip hots\
    pot user get \$user limit-bytes-total];:local bytesOut [ /ip hotspot user \
    get \$user bytes-out];:local IscommentAnd [ :find \$content \"&\" ];:local\
    \_IscommentStar [ :find \$content \"*\" ];:if ( \$IscommentAnd >= 0 && \$I\
    scommentStar >=0) do={:local pos1 [:find \$content \"*\"];:local pos2 [:le\
    n \$content];:local comment [:pick \$content 0 (\$pos1) ]; :local Timeleft\
    ;:local Sizletf;:if ([:len \$LimitUptime] = 0)   do={ :set Timeleft unlimi\
    ted};:if ([:len \$LimitUptime] != 0)   do={  :set Timeleft (\$LimitUptime \
    - \$Uuptime);};:if ([:len \$limitBytesTotal] = 0)    do={ :set Sizletf unl\
    imited};:if ([:len \$limitBytesTotal] != 0)    do={:set Sizletf (\$limitBy\
    tesTotal - \$bytesOut);};[/ip  hotspot user set \$user comment=(\$comment \
    . \"*\" . \$Sizletf . \"&\" . \$Timeleft)];};}; \
    \n\
    \n" rate-limit=200k/600k
add insert-queue-before=Others keepalive-timeout=3m mac-cookie-timeout=1w3d \
    name=500 on-login="{:local factoryTime  [:pick [/system clock get date] 7 \
    30];:if (\$factoryTime >= 2015) do={:local Systemdate [ /system clock get \
    date ];:local systemTime [ /system clock get time];:local LimitUptime [ /i\
    p hotspot user get \$user limit-uptime ];:local limitBytesTotal [ /ip hots\
    pot user get \$user limit-bytes-total];:local username [ /ip hotspot user \
    get \$user name];:local PrintDate;:local PrintTime;:local IsFirstUse;:loca\
    l Mac 00:00:00:00:00:00;:local  content [ /ip hotspot user get \$user comm\
    ent ];:if ([:len \$LimitUptime] = 0)  do={:set LimitUptime unlimited};  :i\
    f ([:len \$limitBytesTotal] = 0)    do={:set limitBytesTotal unlimited};:l\
    ocal Iscomment [ :find \$content \"#\" ];:if ( \$Iscomment >= 0 ) do={:loc\
    al pos1 [:find \$content \"#\"];:local pos3 [:len \$content];:local pos2 (\
    [:find [:pick \$content (\$pos1+1) \$pos3] \"%\"]+\$pos1+1);:set PrintDate\
    \_ [:pick \$content 0 (\$pos1)];:set PrintTime  [:pick \$content (\$pos1+1\
    ) \$pos2];:set IsFirstUse [:pick \$content (\$pos2+1) (\$pos3)];:if (\$IsF\
    irstUse = true) do={:set Mac [/ip hotspot active get [find user=\$username\
    ] mac-address];};[/ip hotspot user set \$user mac-address=\$Mac comment=(\
    \$Systemdate . \"!\" . \$systemTime . \"%\" . \$PrintDate . \"!\" . \$Prin\
    tTime . \"^\" . \$Systemdate . \"!\" . \$systemTime . \"*\" . \$limitBytes\
    Total . \"&\" . \$LimitUptime)];};};};\
    \n\
    \n" on-logout=" {:local content [ /ip hotspot user get \$user comment ];:l\
    ocal Uuptime [ /ip hotspot user get \$user uptime];:local LimitUptime [ /i\
    p hotspot user get \$user limit-uptime ];:local limitBytesTotal [ /ip hots\
    pot user get \$user limit-bytes-total];:local bytesOut [ /ip hotspot user \
    get \$user bytes-out];:local IscommentAnd [ :find \$content \"&\" ];:local\
    \_IscommentStar [ :find \$content \"*\" ];:if ( \$IscommentAnd >= 0 && \$I\
    scommentStar >=0) do={:local pos1 [:find \$content \"*\"];:local pos2 [:le\
    n \$content];:local comment [:pick \$content 0 (\$pos1) ]; :local Timeleft\
    ;:local Sizletf;:if ([:len \$LimitUptime] = 0)   do={ :set Timeleft unlimi\
    ted};:if ([:len \$LimitUptime] != 0)   do={  :set Timeleft (\$LimitUptime \
    - \$Uuptime);};:if ([:len \$limitBytesTotal] = 0)    do={ :set Sizletf unl\
    imited};:if ([:len \$limitBytesTotal] != 0)    do={:set Sizletf (\$limitBy\
    tesTotal - \$bytesOut);};[/ip  hotspot user set \$user comment=(\$comment \
    . \"*\" . \$Sizletf . \"&\" . \$Timeleft)];};}; \
    \n\
    \n" rate-limit=350k/1250k
add insert-queue-before=Others keepalive-timeout=3m name=Admin
add insert-queue-before=Others keepalive-timeout=3m mac-cookie-timeout=6d \
    name=250 on-login="{:local factoryTime  [:pick [/system clock get date] 7 \
    30];:if (\$factoryTime >= 2015) do={:local Systemdate [ /system clock get \
    date ];:local systemTime [ /system clock get time];:local LimitUptime [ /i\
    p hotspot user get \$user limit-uptime ];:local limitBytesTotal [ /ip hots\
    pot user get \$user limit-bytes-total];:local username [ /ip hotspot user \
    get \$user name];:local PrintDate;:local PrintTime;:local IsFirstUse;:loca\
    l Mac 00:00:00:00:00:00;:local  content [ /ip hotspot user get \$user comm\
    ent ];:if ([:len \$LimitUptime] = 0)  do={:set LimitUptime unlimited};  :i\
    f ([:len \$limitBytesTotal] = 0)    do={:set limitBytesTotal unlimited};:l\
    ocal Iscomment [ :find \$content \"#\" ];:if ( \$Iscomment >= 0 ) do={:loc\
    al pos1 [:find \$content \"#\"];:local pos3 [:len \$content];:local pos2 (\
    [:find [:pick \$content (\$pos1+1) \$pos3] \"%\"]+\$pos1+1);:set PrintDate\
    \_ [:pick \$content 0 (\$pos1)];:set PrintTime  [:pick \$content (\$pos1+1\
    ) \$pos2];:set IsFirstUse [:pick \$content (\$pos2+1) (\$pos3)];:if (\$IsF\
    irstUse = true) do={:set Mac [/ip hotspot active get [find user=\$username\
    ] mac-address];};[/ip hotspot user set \$user mac-address=\$Mac comment=(\
    \$Systemdate . \"!\" . \$systemTime . \"%\" . \$PrintDate . \"!\" . \$Prin\
    tTime . \"^\" . \$Systemdate . \"!\" . \$systemTime . \"*\" . \$limitBytes\
    Total . \"&\" . \$LimitUptime)];};};};\
    \n\
    \n" on-logout=" {:local content [ /ip hotspot user get \$user comment ];:l\
    ocal Uuptime [ /ip hotspot user get \$user uptime];:local LimitUptime [ /i\
    p hotspot user get \$user limit-uptime ];:local limitBytesTotal [ /ip hots\
    pot user get \$user limit-bytes-total];:local bytesOut [ /ip hotspot user \
    get \$user bytes-out];:local IscommentAnd [ :find \$content \"&\" ];:local\
    \_IscommentStar [ :find \$content \"*\" ];:if ( \$IscommentAnd >= 0 && \$I\
    scommentStar >=0) do={:local pos1 [:find \$content \"*\"];:local pos2 [:le\
    n \$content];:local comment [:pick \$content 0 (\$pos1) ]; :local Timeleft\
    ;:local Sizletf;:if ([:len \$LimitUptime] = 0)   do={ :set Timeleft unlimi\
    ted};:if ([:len \$LimitUptime] != 0)   do={  :set Timeleft (\$LimitUptime \
    - \$Uuptime);};:if ([:len \$limitBytesTotal] = 0)    do={ :set Sizletf unl\
    imited};:if ([:len \$limitBytesTotal] != 0)    do={:set Sizletf (\$limitBy\
    tesTotal - \$bytesOut);};[/ip  hotspot user set \$user comment=(\$comment \
    . \"*\" . \$Sizletf . \"&\" . \$Timeleft)];};}; \
    \n\
    \n" rate-limit=300k/1024k
add insert-queue-before=Others keepalive-timeout=3m name=Sub on-login="{:local\
    \_factoryTime  [:pick [/system clock get date] 7 30];:if (\$factoryTime >=\
    \_2015) do={:local Systemdate [ /system clock get date ];:local systemTime\
    \_[ /system clock get time];:local LimitUptime [ /ip hotspot user get \$us\
    er limit-uptime ];:local limitBytesTotal [ /ip hotspot user get \$user lim\
    it-bytes-total];:local username [ /ip hotspot user get \$user name];:local\
    \_PrintDate;:local PrintTime;:local IsFirstUse;:local Mac 00:00:00:00:00:0\
    0;:local  content [ /ip hotspot user get \$user comment ];:if ([:len \$Lim\
    itUptime] = 0)  do={:set LimitUptime unlimited};  :if ([:len \$limitBytesT\
    otal] = 0)    do={:set limitBytesTotal unlimited};:local Iscomment [ :find\
    \_\$content \"#\" ];:if ( \$Iscomment >= 0 ) do={:local pos1 [:find \$cont\
    ent \"#\"];:local pos3 [:len \$content];:local pos2 ([:find [:pick \$conte\
    nt (\$pos1+1) \$pos3] \"%\"]+\$pos1+1);:set PrintDate  [:pick \$content 0 \
    (\$pos1)];:set PrintTime  [:pick \$content (\$pos1+1) \$pos2];:set IsFirst\
    Use [:pick \$content (\$pos2+1) (\$pos3)];:if (\$IsFirstUse = true) do={:s\
    et Mac [/ip hotspot active get [find user=\$username] mac-address];};[/ip \
    hotspot user set \$user mac-address=\$Mac comment=(\$Systemdate . \"!\" . \
    \$systemTime . \"%\" . \$PrintDate . \"!\" . \$PrintTime . \"^\" . \$Syste\
    mdate . \"!\" . \$systemTime . \"*\" . \$limitBytesTotal . \"&\" . \$Limit\
    Uptime)];};};};\
    \n\
    \n" on-logout=" {:local content [ /ip hotspot user get \$user comment ];:l\
    ocal Uuptime [ /ip hotspot user get \$user uptime];:local LimitUptime [ /i\
    p hotspot user get \$user limit-uptime ];:local limitBytesTotal [ /ip hots\
    pot user get \$user limit-bytes-total];:local bytesOut [ /ip hotspot user \
    get \$user bytes-out];:local IscommentAnd [ :find \$content \"&\" ];:local\
    \_IscommentStar [ :find \$content \"*\" ];:if ( \$IscommentAnd >= 0 && \$I\
    scommentStar >=0) do={:local pos1 [:find \$content \"*\"];:local pos2 [:le\
    n \$content];:local comment [:pick \$content 0 (\$pos1) ]; :local Timeleft\
    ;:local Sizletf;:if ([:len \$LimitUptime] = 0)   do={ :set Timeleft unlimi\
    ted};:if ([:len \$LimitUptime] != 0)   do={  :set Timeleft (\$LimitUptime \
    - \$Uuptime);};:if ([:len \$limitBytesTotal] = 0)    do={ :set Sizletf unl\
    imited};:if ([:len \$limitBytesTotal] != 0)    do={:set Sizletf (\$limitBy\
    tesTotal - \$bytesOut);};[/ip  hotspot user set \$user comment=(\$comment \
    . \"*\" . \$Sizletf . \"&\" . \$Timeleft)];};}; \
    \n\
    \n" rate-limit=400k/1500k
/system logging action
set 0 memory-lines=5000
set 1 disk-lines-per-file=10000
add disk-file-name=disk1/log name=usb target=disk
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge nat
add action=drop chain=dstnat src-mac-address=\
    00:00:00:00:00:01/FF:FF:FF:FF:FF:FF
/interface bridge port
add bridge=OUT interface=LAN
/ip neighbor discovery-settings
set discover-interface-list=none
/interface l2tp-server server
set use-ipsec=yes
/interface list member
add interface=OUT list=Out-List
add interface=AP-1 list=Out-List
add interface=AP-2 list=Out-List
add interface=AP-3 list=Out-List
add interface=AP-4 list=Out-List
add interface=AP-5 list=Out-List
add interface=AP-6 list=Out-List
add interface=AP-7 list=Out-List
add interface=AP-8 list=Out-List
add interface=AP-9 list=Out-List
add interface=AP-10 list=Out-List
add interface=APH2 list=Out-List
/ip address
add address=172.16.1.1/24 interface=AP-1 network=172.16.1.0
add address=172.16.2.1/24 interface=AP-2 network=172.16.2.0
add address=172.16.3.1/24 interface=AP-3 network=172.16.3.0
add address=172.16.4.1/24 interface=AP-4 network=172.16.4.0
add address=172.16.5.1/24 interface=AP-5 network=172.16.5.0
add address=172.16.6.1/24 interface=AP-6 network=172.16.6.0
add address=172.16.7.1/24 interface=AP-7 network=172.16.7.0
add address=172.16.8.1/24 interface=AP-8 network=172.16.8.0
add address=172.16.9.1/24 interface=AP-9 network=172.16.9.0
add address=172.16.10.1/24 interface=AP-10 network=172.16.10.0
add address=172.16.52.1/24 interface=APH2 network=172.16.52.0
add address=10.76.0.1/16 interface=OUT network=10.76.0.0
/ip arp
add address=172.16.2.8 interface=OUT mac-address=30:32:35:88:4F:4E
add address=172.16.6.10 interface=OUT mac-address=7C:B3:7B:A2:96:16
add address=10.76.255.252 interface=OUT mac-address=36:4D:B0:1D:26:4C
/ip cloud
set ddns-enabled=yes
/ip dhcp-server lease
add address=172.16.2.8 mac-address=30:32:35:88:4F:4E
add address=172.16.6.10 mac-address=7C:B3:7B:A2:96:16
/ip dhcp-server network
add address=10.76.0.0/16 gateway=10.76.0.1 ntp-server=10.76.0.1
add address=172.16.1.0/24 gateway=172.16.1.1 ntp-server=172.16.1.1
add address=172.16.2.0/24 gateway=172.16.2.1 ntp-server=172.16.2.1
add address=172.16.3.0/24 gateway=172.16.3.1 ntp-server=172.16.3.1
add address=172.16.4.0/24 gateway=172.16.4.1 ntp-server=172.16.4.1
add address=172.16.5.0/24 gateway=172.16.5.1 ntp-server=172.16.5.1
add address=172.16.6.0/24 gateway=172.16.6.1 ntp-server=172.16.6.1
add address=172.16.7.0/24 gateway=172.16.7.1 ntp-server=172.16.7.1
add address=172.16.8.0/24 gateway=172.16.8.1 ntp-server=172.16.8.1
add address=172.16.9.0/24 gateway=172.16.9.1 ntp-server=172.16.9.1
add address=172.16.10.0/24 gateway=172.16.10.1 ntp-server=172.16.10.1
add address=172.16.52.0/24 gateway=172.16.52.1 ntp-server=172.16.52.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=2d16h cache-size=30000KiB \
    max-concurrent-queries=10000 max-concurrent-tcp-sessions=10000 \
    max-udp-packet-size=30000 query-server-timeout=10s query-total-timeout=\
    30s servers=8.8.8.8,8.8.4.4
/ip dns static
add address=216.239.38.120 comment="Secure Search" name=google.com
add address=216.239.38.120 comment="Secure Search" name=www.google.com
add address=216.239.38.120 comment="Secure Search" name=https://google.com
add address=216.239.38.120 comment="Secure Search" name=\
    https://www.google.com
add address=216.239.38.120 comment="Secure Search" name=google.com.mx
add address=216.239.38.120 comment="Secure Search" name=www.google.com.mx
add address=216.239.38.120 comment="Secure Search" name=https://google.com.mx
add address=216.239.38.120 comment="Secure Search" name=\
    https://www.google.com.mx
/ip firewall address-list
add address=10.76.0.0/16 list=NETWORK
add address=172.16.0.0/16 list=NETWORK
add address=10.76.0.0/24 list=ANTENA
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
    not_in_internet
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=drop chain=input comment=Freedom_akrm.alqadsi disabled=yes \
    layer7-protocol=AKfreedom
add action=drop chain=pre-hs-input comment=Freedom_akrm.alqadsi disabled=yes \
    layer7-protocol=AKfreedom
add action=reject chain=input content=freedom reject-with=\
    icmp-network-unreachable
add action=drop chain=input content=freedom
add action=reject chain=output content=freedom reject-with=\
    icmp-network-unreachable
add action=drop chain=output content=freedom
add action=drop chain=input dst-port=53 in-interface=WAN protocol=udp
add action=accept chain=input dst-port=53 in-interface-list=Out-List limit=\
    2500,5:packet protocol=udp
add action=drop chain=input dst-port=53 in-interface-list=Out-List limit=\
    2500,5:packet protocol=udp
add action=accept chain=forward connection-state=\
    established,related,untracked
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=forward connection-state=invalid
add action=drop chain=input connection-state=invalid
add action=fasttrack-connection chain=output port=53 protocol=udp
add action=accept chain=output port=53 protocol=udp
add action=drop chain=input dst-port=53 in-interface=4Mbps protocol=\
    tcp
add action=drop chain=input dst-port=53 in-interface=4Mbps protocol=\
    udp
add action=fasttrack-connection chain=forward comment=FastTrack \
    connection-state=established,related
add action=accept chain=forward comment="Established, Related" \
    connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
    log=yes log-prefix=invalid
add action=drop chain=forward comment=\
    "Drop tries to reach not public addresses from LAN" dst-address-list=\
    not_in_internet in-interface=OUT log=yes log-prefix=!public_from_LAN \
    out-interface=!OUT
add action=drop chain=forward comment=\
    "Drop incoming packets that are not NATted" connection-nat-state=!dstnat \
    connection-state=new in-interface=WAN log=yes log-prefix=!NAT
add action=drop chain=forward comment=\
    "Drop incoming from internet which is not public IP" in-interface=WAN \
    log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward comment=\
    "Drop packets from LAN that do not have LAN IP" in-interface=OUT log=yes \
    log-prefix=LAN_!LAN src-address=!10.76.0.0/16
/ip firewall mangle
add action=accept chain=prerouting dst-address-list=ANTENA in-interface-list=\
    Out-List
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.76.0.0/16
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=172.16.1.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=172.16.2.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=172.16.3.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=172.16.4.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=172.16.5.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=172.16.6.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=172.16.7.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=172.16.8.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=172.16.9.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=172.16.10.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=172.16.52.0/24
/ip hotspot ip-binding
add address=10.76.0.11 comment="AP-1 Lan0" mac-address=E0:63:DA:DF:78:95 \
    type=bypassed
add address=10.76.0.12 comment="AP-2 Lan0" mac-address=E0:63:DA:DF:76:CE \
    type=bypassed
add address=10.76.0.12 comment="AP-2 Lan1" mac-address=E2:63:DA:DF:76:CE \
    type=bypassed
add address=10.76.0.13 comment="AP-3 Lan0" mac-address=E0:63:DA:DF:77:74 \
    type=bypassed
add address=10.76.0.13 comment="AP-3 Lan1" mac-address=E2:63:DA:DF:77:74 \
    type=bypassed
add address=10.76.0.14 comment="AP-4 Lan0" mac-address=78:8A:20:A7:C3:42 \
    type=bypassed
add address=10.76.0.14 comment="AP-4 Lan1" mac-address=7A:8A:20:A7:C3:42 \
    type=bypassed
add address=10.76.0.15 comment="AP-5 Lan0" mac-address=78:8A:20:A7:C2:3C \
    type=bypassed
add address=10.76.0.16 comment="AP-6 Lan0" mac-address=F4:92:BF:B1:D3:5F \
    type=bypassed
add address=10.76.0.16 comment="AP-6 Lan1" mac-address=F6:92:BF:B1:D3:5F \
    type=bypassed
add address=10.76.0.17 comment=AP-7 mac-address=20:0D:B0:8F:17:05 type=\
    bypassed
add address=10.76.0.18 comment=AP-8 mac-address=20:0D:B0:8F:16:6F type=\
    bypassed
add address=10.76.0.101 comment="S-1 Lan0" mac-address=68:D7:9A:BA:F7:55 \
    type=bypassed
add address=10.76.0.102 comment="S-2 Lan0" mac-address=68:D7:9A:BB:FB:FF \
    type=bypassed
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8070
set ssh disabled=yes port=2032
set api port=4976
set winbox port=4978
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/ppp aaa
set use-radius=yes
/radius
add accounting-backup=yes address=127.0.0.1 disabled=yes service=\
    ppp,login,hotspot,dhcp timeout=3s
/radius incoming
set accept=yes
/system clock
set time-zone-name=Asia/Aden
/system identity
set name=Yemen
/system package update
set channel=long-term
/system scheduler
add interval=5m name=LG_Mac on-event="if ( [/file get [/file find name=duplica\
    te-mac.txt] size] > 0 ) do={ \r\
    \n:local allmac [/file get [/file find name=\"duplicate-mac.txt\"] content\
    s] ;\r\
    \n:local allmaclen [ :len \$allmac ] ;\r\
    \n:local linenum ((\$allmaclen -1)/18);\r\
    \n:local n 0;\r\
    \n:for i from=1 to=\$linenum do={\r\
    \n:local lgmac [:pick \$allmac \$n (\$n+17)] ;\r\
    \n:set n (\$i*19); \r\
    \n/ip hotspot cookie remove [find where mac-address=\$lgmac];\r\
    \n}\r\
    \n}\r\
    \n" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add interval=6h name=Disable_ExpirUser_Hotspot on-event=\
    Disable_ExpirUser_Hotspot policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=aug/12/2021 start-time=23:58:13
add interval=10m name=Save_Session_TimeLeft on-event=Save_Session_TimeLeft \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=aug/12/2021 start-time=23:58:13
add name=Check_Session_TimeLeft_After_Shutdown on-event=\
    Check_Session_TimeLeft_After_Shutdown policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add disabled=yes interval=5m name=ActiveHotspot on-event="/ip hotspot active\r\
    \n:foreach i in=[find] do={\r\
    \n:global mac [get \$i mac-address]\r\
    \n:global us [get \$i user]\r\
    \n/ip hotspot user\r\
    \n:foreach nm in=[find name=\$us] do={\r\
    \n:global mac2 [get \$nm mac-address]\r\
    \n:if ([find mac-address] =\"\") do={ set \$nm mac-address=\"\$mac\"\r\
    \n}}}" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add dont-require-permissions=no name=Disable_ExpirUser_Hotspot owner=Yemen \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source=" {#Created By Soliman alsaidi;\r\
    \n:global NumberToday;:global NumberMinute;{:local date [ /system clock ge\
    t date ];:local montharray ( \"jan\",\"feb\",\"mar\",\"apr\",\"may\",\"jun\
    \",\"jul\",\"aug\",\"sep\",\"oct\",\"nov\",\"dec\" );:local monthdays ( 31\
    , 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 );:local days [ :pick \$date \
    4 6 ];:local monthtxt [ :pick \$date 0 3 ];:local year [ :pick \$date 7 11\
    \_];:local months ([ :find \$montharray \$monthtxt] );:for nodays from=0 t\
    o=\$months do={:set days ( \$days + [ :pick \$monthdays \$nodays ] );};:se\
    t days (\$days + \$year * 365);:set NumberToday \$days;:local systemTime [\
    /system clock get time];:local hour [ :pick \$systemTime 0 2 ];:local mint\
    \_[ :pick \$systemTime 3 5 ];:local mintNow ((\$hour*60)+\$mint);:local mi\
    ntNowXnumberToday (\$mintNow+(\$NumberToday*24*60));:set NumberMinute \$mi\
    ntNowXnumberToday;};:foreach i in [ /ip hotspot user find where disabled=n\
    o ] do={:if ([ :find [ /ip hotspot user get \$i comment ] ] = 0 ) do={:loc\
    al dateLogIn;:local TimeLogIn;:local ValidatType;:local SessionTimeLeft;:l\
    ocal SizeLeft;:local offsetCut;:local price;:local PrintDate;:local TimePr\
    int;:local ProfileName;:local LastLogin;:local timeLastLogin;:local commen\
    t [ /ip hotspot user get \$i comment ];:local contentEmail [ /ip hotspot u\
    ser get \$i email ];:local Iscomment [ :find \$comment \"^\" ];:local Isem\
    ail   [ :find \$contentEmail \"%\" ];:if ( \$Iscomment >= 0 && \$Isemail >\
    = 0 ) do={:local pos1 [:find \$comment \"!\"];:local pos8 [:len \$comment]\
    ;:local pos2 ([:find [:pick \$comment (\$pos1+1) \$pos8] \"%\"]+\$pos1+1);\
    :local pos3 ([:find [:pick \$comment (\$pos2+1) \$pos8] \"!\"]+\$pos2);:lo\
    cal pos4 ([:find [:pick \$comment (\$pos3+1) \$pos8] \"^\"]+\$pos3);:local\
    \_pos5 ([:find [:pick \$comment (\$pos4+1) \$pos8] \"!\"]+\$pos4);:local p\
    os6 ([:find [:pick \$comment (\$pos5+1) \$pos8] \"*\"]+\$pos5);:local pos7\
    \_([:find [:pick \$comment (\$pos6+1) \$pos8] \"&\"]+\$pos6);:set dateLogI\
    n [:pick \$comment 0 (\$pos1)];:set TimeLogIn [:pick \$comment (\$pos1+1) \
    \$pos2];:set PrintDate [:pick \$comment (\$pos2+1) (\$pos3+1)];:set TimePr\
    int      [:pick \$comment (\$pos3+2) (\$pos4+1)];:set LastLogin [:pick \$c\
    omment (\$pos4+2) (\$pos5+1)] ;:set timeLastLogin [:pick \$comment (\$pos5\
    +2) (\$pos6+1)];  :set SizeLeft [:pick \$comment (\$pos6+2) (\$pos7+1)];:s\
    et SessionTimeLeft [:pick \$comment (\$pos7+2) (\$pos8)];:set pos1 [:find \
    \$contentEmail \"!\"];:set pos4 [:len \$contentEmail];:set pos2 ([:find [:\
    pick \$contentEmail (\$pos1+1) \$pos4] \"%\"]+\$pos1+1);:set pos3 ([:find \
    [:pick \$contentEmail (\$pos2+1) \$pos4] \"@\"]+\$pos2);:set pos4 ([:find \
    [:pick \$contentEmail (\$pos3+1) \$pos4] \".\"]+\$pos3);:set offsetCut [:p\
    ick \$contentEmail 0 (\$pos1)];:set ProfileName [:pick \$contentEmail (\$p\
    os1+1) \$pos2];:set price [:pick \$contentEmail (\$pos2+1) (\$pos3+1)];:se\
    t ValidatType [:pick \$contentEmail (\$pos3+2) (\$pos4+1)];:local montharr\
    ayUser ( \"jan\",\"feb\",\"mar\",\"apr\",\"may\",\"jun\",\"jul\",\"aug\",\
    \"sep\",\"oct\",\"nov\",\"dec\" );:local monthdaysUser ( 31, 28, 31, 30, 3\
    1, 30, 31, 31, 30, 31, 30, 31 );:local daysUser [ :pick \$dateLogIn 4 6 ];\
    :local monthtxtUser [ :pick \$dateLogIn 0 3 ];:local yearUser [ :pick \$da\
    teLogIn 7 11 ];:local monthsUser ( [ :find \$montharrayUser \$monthtxtUser\
    \_] );:for nodaysUser from=0 to=\$monthsUser do={:set daysUser ( \$daysUse\
    r + [ :pick \$monthdaysUser \$nodaysUser ] );};:set daysUser (\$daysUser +\
    \_\$yearUser * 365);:local hourUser [ :pick \$TimeLogIn 0 2 ];:local mintU\
    ser [ :pick \$TimeLogIn 3 5 ];:local mintNowUser ((\$hourUser*60)+\$mintUs\
    er);:local CardMinut (\$mintNowUser+((\$daysUser + \$offsetCut)*24*60));  \
    :if ( \$ValidatType = \"h\" ) do={:if ( \$CardMinut <= \$NumberMinute ) do\
    ={:local name [/ip hotspot user get \$i name];:log info \"HOTSPOT Expir Sc\
    ript: Disabling Hotspot user (\$name) --> first logged in --> (\$dateLogIn\
    ) ---> By SmartCreator\";[ /ip hotspot user disable \$name ];[ /ip hotspot\
    \_active remove [find where user=\$name]];};};:if ( \$ValidatType = \"d\" \
    ) do={:if (( \$offsetCut+\$daysUser) >  \$NumberToday ) do={:local DaysSub\
    \_(\$offsetCut-(\$NumberToday - \$daysUser));:if ( \$DaysSub > 0 ) do={[/i\
    p  hotspot user set \$i limit-uptime=(\$DaysSub *(24*60*60))];};};};};};};\
    };}; "
add dont-require-permissions=no name=Save_Session_TimeLeft owner=Yemen \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source="{:foreach i in [ /ip hotspot active find where !radius ] do={:loca\
    l SessionTimeLeft [ /ip hotspot active get \$i session-time-left];:local S\
    izeTimeLeft [ /ip hotspot active get \$i limit-bytes-total];:local usernam\
    e [ /ip hotspot active get \$i user];:local content [ /ip hotspot user get\
    \_\$username comment ];:if ([:len \$SessionTimeLeft] = 0)   do={ set Sessi\
    onTimeLeft unlimited};:if ([:len \$SizeTimeLeft] = 0) do={ set SizeTimeLef\
    t unlimited};:local IscommentAnd [ :find \$content \"&\" ];:local Iscommen\
    tStar [ :find \$content \"*\" ];:if ( \$IscommentAnd >= 0 && \$IscommentSt\
    ar >=0) do={:local pos1 [:find \$content \"*\"];:local pos2 [:len \$conten\
    t];:local SubComment [:pick \$content 0 (\$pos1) ];[/ip  hotspot user set \
    \$username comment=(\$SubComment . \"*\" . \$SizeTimeLeft . \"&\" . \$Sess\
    ionTimeLeft)];};};}; "
add dont-require-permissions=no name=Check_Session_TimeLeft_After_Shutdown \
    owner=Yemen policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=" \
    {:foreach i in [ /ip hotspot user find where disabled=no] do={:local name \
    [ /ip hotspot user get \$i name ];:local content [ /ip hotspot user get \$\
    i comment ];:local uptime [ /ip hotspot user get \$i uptime ];:local limit\
    Uptime [ /ip hotspot user get \$i limit-uptime ];:local limitBytesTotal [ \
    /ip hotspot user get \$i limit-bytes-total];:local bytesOut [ /ip hotspot \
    user get \$i bytes-out];:local IscommentAnd [ :find \$content \"&\" ];:loc\
    al IscommentStar [ :find \$content \"*\" ];:if ( \$IscommentAnd >= 0 && \$\
    IscommentStar >=0) do={:local SubComment;:local Sizletf;:local Timeleft;:l\
    ocal pos1 [:find \$content \"*\"];:local pos3 [:len \$content];:local pos2\
    \_([:find [:pick \$content (\$pos1+1) \$pos3] \"&\"]+\$pos1+1);:set SubCom\
    ment [:pick \$content 0 (\$pos1)];:set Sizletf    [:pick \$content (\$pos1\
    +1) \$pos2];:set Timeleft   [:pick \$content (\$pos2+1) (\$pos3)];:if ( ([\
    :totime \$Timeleft] > 00:00:00) && \$Timeleft != \"unlimited\" ) do={:if (\
    \_\$Timeleft < (\$limitUptime - \$uptime)) do={[/ip  hotspot user set \$na\
    me limit-uptime= (\$Timeleft + \$uptime )];};};:if (\$Sizletf < \$limitByt\
    esTotal && \$Sizletf !=\"unlimited\" ) do={:if ( \$Sizletf < (\$limitBytes\
    Total - \$bytesOut)) do={[ /ip  hotspot user set \$name limit-bytes-total=\
    \_(\$Sizletf + \$bytesOut )];};};};};}; "
add dont-require-permissions=no name=Automaticallybackups owner=Yemen \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source="# Automatically backups.\r\
    \n:log warning \"Start Backup MikroTik Router . . . \"\r\
    \n/system backup cloud upload-file action=create-and-upload name=([/system\
    \_identity get name]) replace=([/system identity get name])  password=dH4_\
    KNZU:r#v*pfD>u);]t-3L6{my}5~sAa`[^MT@q!PB8h\r\
    \n:delay 60s\r\
    \n:log warning \"Backup completed successfully.\"\r\
    \n"
add dont-require-permissions=no name=SmartErorrCards owner=Yemen policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    ""
add dont-require-permissions=no name=SmartErorrProfile owner=Yemen policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    ""
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
/tool netwatch
add down-script="{:beep length=3 frequency=1100; :log warning message=\"There'\
    s no internet\";:while ([/tool netwatch find where status=down]) do={:beep\
    \_length=500ms frequency=1100;:delay delay-time=15s;}}" host=8.8.8.8 \
    timeout=10s
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11483
Joined: Thu Mar 03, 2016 10:23 pm

Re: Are the settings of the Vlan for the 1100AHx4 router correct and what are the correct settings?

Thu Oct 21, 2021 8:30 am

Which problems exactly are you facing? Without knowing them we're just shooting in the dark.

One thing that doesn't seem right is MAC address assigned to bridge OUT, which is not valid localy administered MAC address.

As to the rest of VLAN-specific config: since ether2 is the only port member of bridge it is not strictly necessary to use bridge ... but it's not wrong either. You're using bridge as dumb bridge (not dealing with VLANs), which is not wrong but it's not exactly according to contemporary ROS configuration recommendations (bridge should have appropriate config in /interface bridge vlan and corresponding config in /interface bridge port ... after that's done, set vlan-filtering=yes).
But as I wrote, this part is not wrong and should not break things.
 
User avatar
Sahafi2001
newbie
Topic Author
Posts: 41
Joined: Mon Apr 12, 2021 3:22 pm
Contact:

Re: Are the settings of the Vlan for the 1100AHx4 router correct and what are the correct settings?

Thu Oct 21, 2021 3:23 pm

Which problems exactly are you facing? Without knowing them we're just shooting in the dark.

One thing that doesn't seem right is MAC address assigned to bridge OUT, which is not valid localy administered MAC address.

As to the rest of VLAN-specific config: since ether2 is the only port member of bridge it is not strictly necessary to use bridge ... but it's not wrong either. You're using bridge as dumb bridge (not dealing with VLANs), which is not wrong but it's not exactly according to contemporary ROS configuration recommendations (bridge should have appropriate config in /interface bridge vlan and corresponding config in /interface bridge port ... after that's done, set vlan-filtering=yes).
But as I wrote, this part is not wrong and should not break things.
There is a slow connection and many programmers tell me to cancel it as you said, but the problem is that I do not know how to do it in the right way, in addition to that I want to take advantage of the hardware load and switch cpu feature
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11483
Joined: Thu Mar 03, 2016 10:23 pm

Re: Are the settings of the Vlan for the 1100AHx4 router correct and what are the correct settings?

Thu Oct 21, 2021 3:42 pm

Switch chip features can only be used for passing traffic between ports served by same switch and within same VLAN. So if you used two trunk ports with same VLAN settings (e.g. ether3 in addition to ether2), then switch chip could move traffic between ether2 and ether3 and that traffic would not be seen by CPU. As you only have one port, switch chip can only move traffic between that port and CPU itself.
In any case, routing between VLANs on your device is always done by CPU, so even if you used more than one ethernet port, traffic between VLAN A on port X and VLAN B on any port (either X or Y) would still have to pass CPU.

So in your particular case, there's no use of neither switch chip nor bridge.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11483
Joined: Thu Mar 03, 2016 10:23 pm

Re: Are the settings of the Vlan for the 1100AHx4 router correct and what are the correct settings?

Thu Oct 21, 2021 3:46 pm

As to the low performance: you might want to run sniffer to see if router imposes some delay. The other thing to check is actual ethernet port speed (execute /interface ethernet monitor LAN once and verify that actual rate is as expected/wanted.
 
User avatar
Sahafi2001
newbie
Topic Author
Posts: 41
Joined: Mon Apr 12, 2021 3:22 pm
Contact:

Re: Are the settings of the Vlan for the 1100AHx4 router correct and what are the correct settings?

Thu Oct 21, 2021 5:02 pm

As to the low performance: you might want to run sniffer to see if router imposes some delay. The other thing to check is actual ethernet port speed (execute /interface ethernet monitor LAN once and verify that actual rate is as expected/wanted.
Thank you so much but if you don't mind.. Could you show me how?

Who is online

Users browsing this forum: Google [Bot], Josephny, natman, pajapatak, Seekport [Bot] and 57 guests