Here is my config:
Code: Select all
# jul/11/2022 19:22:02 by RouterOS 6.49.6
# software id = KBW6-858X
#
# model = RBD52G-5HacD2HnD
# serial number = E5780E671B76
/caps-man channel
add band=2ghz-b/g/n extension-channel=XX name=channe24 reselect-interval=1d \
save-selected=yes
add band=5ghz-a/n/ac extension-channel=XXXX name=channel50 reselect-interval=\
1d save-selected=yes
/interface bridge
add admin-mac=2C:C8:1B:67:2A:A1 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise="10M-half,10M-full,100M-half,100M-f\
ull,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full"
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
use-peer-dns=yes user=u178462
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
MikroTik-672AA5 wireless-protocol=802.11
# managed by CAPsMAN
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX distance=indoors frequency=auto installation=indoor \
mode=ap-bridge ssid=MikroTik-672AA6 wireless-protocol=802.11
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=\
datapath1
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
name=security1
/caps-man configuration
add channel=channe24 datapath=datapath1 mode=ap name=cfg24 rx-chains=0,1,2 \
security=security1 ssid=MomoKL tx-chains=0,1,2
add channel=channel50 channel.band=2ghz-b country=no_country_set datapath=\
datapath1 mode=ap name=cfg50 rx-chains=0,1,2 security=security1 ssid=\
MomoKL5 tx-chains=0,1,2
add channel.band=5ghz-n/ac channel.control-channel-width=20mhz \
channel.extension-channel=XXXX country=no_country_set \
datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes \
name=cfg-5ghz-ac security=security1 ssid=""
add channel.band=5ghz-onlyn channel.control-channel-width=20mhz \
channel.extension-channel=XX country=no_country_set \
datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes \
name=cfg-5ghz-an security=security1 ssid=""
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp ranges=192.168.10.100-192.168.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/caps-man aaa
set mac-mode=as-username-and-password
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=a,ac,an \
master-configuration=cfg50 name-format=prefix-identity name-prefix=5G
add action=create-dynamic-enabled hw-supported-modes=b,g,gn \
master-configuration=cfg24 name-format=prefix-identity name-prefix=2G
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=\
cfg-5ghz-ac name-format=prefix-identity name-prefix=5ghz-ac
add action=create-dynamic-enabled hw-supported-modes=an master-configuration=\
cfg-5ghz-an name-format=prefix-identity name-prefix=5ghz-an
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=pppoe-out1 list=WAN
/interface wireless cap
#
set bridge=bridge discovery-interfaces=bridge,wlan1,wlan2 enabled=yes \
interfaces=wlan1,wlan2
/ip address
add address=192.168.10.1/24 comment=defconf interface=bridge network=\
192.168.10.0
add address=192.168.0.1/24 interface=bridge network=192.168.0.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.10.11 client-id=1:4c:11:bf:7c:e8:35 mac-address=\
4C:11:BF:7C:E8:35 server=defconf
add address=192.168.10.12 client-id=1:4c:11:bf:7c:e8:33 mac-address=\
4C:11:BF:7C:E8:33 server=defconf
add address=192.168.10.20 client-id=1:bc:32:5f:af:99:ab mac-address=\
BC:32:5F:AF:99:AB server=defconf
add address=192.168.10.23 client-id=1:6c:1c:71:68:7f:f8 mac-address=\
6C:1C:71:68:7F:F8 server=defconf
add address=192.168.10.24 client-id=1:6c:1c:71:a3:9:db mac-address=\
6C:1C:71:A3:09:DB server=defconf
add address=192.168.10.22 client-id=1:6c:1c:71:80:1:53 mac-address=\
6C:1C:71:80:01:53 server=defconf
add address=192.168.10.29 client-id=1:6c:1c:71:a3:9:c7 mac-address=\
6C:1C:71:A3:09:C7 server=defconf
add address=192.168.10.30 client-id=1:6c:1c:71:a3:9:e1 mac-address=\
6C:1C:71:A3:09:E1 server=defconf
add address=192.168.10.28 client-id=1:6c:1c:71:a3:9:f1 mac-address=\
6C:1C:71:A3:09:F1 server=defconf
add address=192.168.10.27 client-id=1:24:52:6a:1b:c9:de mac-address=\
24:52:6A:1B:C9:DE server=defconf
add address=192.168.10.26 client-id=1:6c:1c:71:68:82:7e mac-address=\
6C:1C:71:68:82:7E server=defconf
add address=192.168.10.25 client-id=1:6c:1c:71:68:7f:e9 mac-address=\
6C:1C:71:68:7F:E9 server=defconf
/ip dhcp-server network
add address=192.168.10.0/24 comment=defconf gateway=192.168.10.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.0.1 comment=defconf disabled=yes name=router.lan
add address=192.168.10.1 comment=defconf disabled=yes name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept WINBOX" dst-port=38291 \
protocol=tcp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=\
192.168.10.1
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=192.168.1.1
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="Sub nautica" dst-port=xxxxx \
protocol=udp to-addresses=194.44.57.80 to-ports=xxxxx
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api port=38728
set winbox port=38291
set api-ssl port=38729
/system clock
set time-zone-name=Europe/Kiev
/system identity
set name=MikroTikIKK
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool romon
set enabled=yes