[admin@Sklad-1piano] > export
# dec/14/2021 12:42:39 by RouterOS 6.49.2
# software id = 82QZ-0RQM
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = 71B106F6D38F
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2412 name=channel1 tx-power=2
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2437 name=channel6
add band=5ghz-a/n/ac frequency=5200 name="channel2(5G)"
/interface bridge
add admin-mac=6C:3B:6B:66:EE:69 auto-mac=no comment=defconf fast-forward=no \
name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full \
auto-negotiation=no loop-protect=off name=ether2-master
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface wireless
# managed by CAPsMAN
# channel: 2412/20/gn(2dBm), SSID: Italia-Staff2, CAPsMAN forwarding
set [ find default-name=wlan1 ] antenna-gain=0 country=no_country_set \
frequency-mode=manual-txpower ssid=MikroTik station-roaming=enabled
# managed by CAPsMAN
# channel: 5200/20-eCee/ac/P(20dBm), SSID: ItaliaOffice-5GHz, CAPsMAN forwarding
set [ find default-name=wlan2 ] antenna-gain=0 country=no_country_set \
frequency-mode=manual-txpower ssid=MikroTik station-roaming=enabled
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes l2mtu=1598 mtu=1500 name=\
datapath1
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm group-encryption=\
aes-ccm group-key-update=10m name="Italia sklad" passphrase=Bocconi6
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm group-encryption=\
aes-ccm group-key-update=10m name="Italia office" passphrase=\
ItaliaUfficio012016
/caps-man configuration
add channel=channel1 country=russia datapath=datapath1 installation=indoor \
mode=ap name=Sklad-Sopra security="Italia sklad" ssid=Italia-Staff2
add channel=channel6 country=russia datapath=datapath1 installation=indoor \
mode=ap name=Sklad-Interrato security="Italia sklad" ssid=Italia-Staff2
add channel=channel1 country=russia datapath=datapath1 installation=indoor \
mode=ap name=Office2G-Sopra security="Italia office" ssid=ItaliaOffice
add channel="channel2(5G)" country=russia datapath=datapath1 installation=\
indoor mode=ap name=Office5G security="Italia office" ssid=\
ItaliaOffice-5GHz
add channel=channel6 country=russia datapath=datapath1 installation=indoor \
mode=ap name=Office2G-Interrato security="Italia office" ssid=ItaliaOffice
/caps-man interface
add configuration=Sklad-Interrato disabled=no l2mtu=1598 mac-address=\
74:4D:28:CF:9C:36 master-interface=none name=Interrato1 radio-mac=\
74:4D:28:CF:9C:36 radio-name=744D28CF9C36
add configuration=Office2G-Interrato disabled=no l2mtu=1598 mac-address=\
76:4D:28:CF:9C:36 master-interface=Interrato1 name=Interrato1-1 radio-mac=\
00:00:00:00:00:00 radio-name=764D28CF9C36
add configuration=Office5G disabled=no l2mtu=1598 mac-address=6C:3B:6B:66:EE:6D \
master-interface=none name=Sklad-Capsman-1 radio-mac=6C:3B:6B:66:EE:6D \
radio-name=6C3B6B66EE6D
add configuration=Sklad-Sopra disabled=no l2mtu=1598 mac-address=\
6C:3B:6B:66:EE:6E master-interface=none name=Sopra1 radio-mac=\
6C:3B:6B:66:EE:6E radio-name=6C3B6B66EE6E
add configuration=Office2G-Sopra disabled=no l2mtu=1598 mac-address=\
6E:3B:6B:66:EE:6E master-interface=Sopra1 name=Sopra1-1 radio-mac=\
00:00:00:00:00:00 radio-name=6E3B6B66EE6E
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=Bocconi6 \
wpa2-pre-shared-key=Bocconi6
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay interface=bridge \
name=defconf
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
ord,web,sniff,sensitive,api,romon,dude,tikapp"
/caps-man access-list
add action=accept allow-signal-out-of-range=3s disabled=no interface=all \
signal-range=-87..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=1s disabled=no interface=all \
signal-range=-120..-88 ssid-regexp=""
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-enabled master-configuration=Sklad-Sopra name-format=prefix \
name-prefix=Sopra radio-mac=6C:3B:6B:66:EE:6E slave-configurations=\
Office2G-Sopra
add action=create-enabled master-configuration=Sklad-Interrato name-format=\
prefix name-prefix=Interrato radio-mac=74:4D:28:CF:9C:36 \
slave-configurations=Office2G-Interrato
add action=create-enabled master-configuration=Office5G name-format=identity \
name-prefix="sopra 5GHz" radio-mac=6C:3B:6B:66:EE:6D
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface wireless cap
#
set bridge=bridge caps-man-addresses=127.0.0.1 discovery-interfaces=bridge \
enabled=yes interfaces=wlan1,wlan2
/ip address
add address=192.168.88.193/24 comment=defconf interface=ether2-master network=\
192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.194 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.193 name=router
/ip firewall filter
add action=accept chain=input in-interface=bridge protocol=udp src-address=\
192.168.88.194
add action=accept chain=output out-interface=bridge protocol=udp
add action=accept chain=input connection-state="" in-interface=bridge protocol=\
udp src-address=127.0.0.1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
out-interface=ether1
/ip route
add distance=1 gateway=192.168.88.1
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=Sklad-1piano
/system scheduler
add interval=1d name=reboot-5.30am on-event="/system reboot" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jan/17/2017 start-time=05:30:00
[admin@Sklad-1piano] >
REMOTE CAP:
admin@Sklad-Interrato] > export
# dec/14/2021 12:44:45 by RouterOS 6.49.2
# software id = C5Y0-70R5
#
# model = RB941-2nD
# serial number = A1C30A2294AA
/interface wireless
# managed by CAPsMAN
# channel: 2437/20/gn(20dBm), SSID: Italia-Staff2, CAPsMAN forwarding
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
20/40mhz-Ce country=no_country_set distance=indoors frequency=auto \
frequency-mode=manual-txpower mode=ap-bridge ssid=MikroTik-CF9C36 \
station-roaming=enabled wireless-protocol=802.11
/interface bridge
add admin-mac=74:4D:28:CF:9C:32 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
ord,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=wlan1 list=LAN
/interface wireless cap
#
set caps-man-addresses=192.168.88.193 discovery-interfaces=ether4 enabled=yes \
interfaces=wlan1
/ip address
add address=192.168.88.194/24 comment=defconf interface=ether2 network=\
192.168.88.0
/ip dhcp-client
add comment=defconf interface=bridge
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.194 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.194 name=router.lan
/ip firewall filter
add action=accept chain=input in-interface=bridge protocol=udp src-address=\
192.168.88.193
add action=accept chain=output out-interface=bridge protocol=udp
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=192.168.88.1
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=Sklad-Interrato
/system scheduler
add interval=1d name=reboot-5.30am on-event="/system reboot" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jan/17/2017 start-time=05:30:00
[admin@Sklad-Interrato] >