KNSDan

Inherited a Mikrotik system need some help

Tue Jan 10, 2023 9:27 pm

I've taken over as IT for a client with a smallish system. It has (1) Cloud Core Router CCR1036-12G-4S (6.48.6) and (5) CRS125-24G-1S with firmware from 6.28, 6.31 and 6.36. The system is being used as an internal ISP for a condo unit. There are roughly 80 separate VLANs providing internet access to tenants and internetworking for the building systems. I'm trying to add two UniFi Lite APs to the system, one in the MDF and one on another switch. I want WiFi to connect to the ADMIN network, as this is being used by maintenance. I have one AP plugged directly into the router on an all-access admin port (the admin network has access to everything) and the other AP plugged into the switch; I added that switch port to VLAN 1 and made it a slave port of the switch's master port. The AP in the MDF works without issue. The AP on the switch doesn't. The switch AP gets an address from DHCP and can connect to the internet (I had a cloud-based UniFi controller and both APs could communicate - I've since moved the controller to a local PC). When I connect to the AP on the switch, I get a DHCP address on the proper subnet (VLAN1) but I don't get network connectivity. I cannot ping network resources or browse the internet. Any suggestions? A firmware upgrade, I imagine, is the first step, but I'm deathly afraid as I'm not familiar with MikroTik in the slightest.

Switch Config
# jan/05/2023 06:51:52 by RouterOS 6.36
# software id = 7I1V-NU9K
#
# Physical ports, part 1: ether24 is renamed to the uplink "eth24-trunk" and the
# listed ports plus sfp1 are administratively disabled.
/interface ethernet
set [ find default-name=ether24 ] name=eth24-trunk
set [ find default-name=ether10 ] disabled=yes
set [ find default-name=ether11 ] disabled=yes
set [ find default-name=ether12 ] disabled=yes
set [ find default-name=ether13 ] disabled=yes
set [ find default-name=ether14 ] disabled=yes
set [ find default-name=ether15 ] disabled=yes
set [ find default-name=ether16 ] disabled=yes
set [ find default-name=ether19 ] disabled=yes
set [ find default-name=ether20 ] disabled=yes
set [ find default-name=ether21 ] disabled=yes
# ether22 and ether23 are attached to the eth24-trunk switch group via
# master-port (the RouterOS v6 hardware-switching model). ether23 is the port
# labelled for the admin Wi-Fi access point.
set [ find default-name=ether22 ] master-port=eth24-trunk
set [ find default-name=ether23 ] comment="Admin Wifi" master-port=\
eth24-trunk
set [ find default-name=sfp1 ] disabled=yes
# Only the comment is mirrored here; whether discovery is enabled on the port
# is not shown in this export.
# NOTE(review): confirm neighbor discovery is off on ports that face devices
# outside the admin trust boundary.
/ip neighbor discovery
set ether23 comment="Admin Wifi"
# CPU-side VLAN 1 interface on the trunk; the switch's own management address
# (/ip address below) is bound to it.
/interface vlan
add interface=eth24-trunk name=VLAN1 vlan-id=1
# Physical ports, part 2: tenant ports (320T90-320T95), access-control, camera
# and BACnet ports. Every one is a slave of eth24-trunk, so they all share one
# switch group; separation between them rests entirely on the switch-chip VLAN
# tables configured further down, not on separate hardware.
/interface ethernet
set [ find default-name=ether1 ] comment=320T90 master-port=eth24-trunk name=\
eth1-320T90
set [ find default-name=ether2 ] comment=320T91 master-port=eth24-trunk name=\
eth2-320T91
set [ find default-name=ether3 ] comment=320T92 master-port=eth24-trunk name=\
eth3-320T92
set [ find default-name=ether4 ] comment=320T93 master-port=eth24-trunk name=\
eth4-320T93
set [ find default-name=ether5 ] comment=320T94 master-port=eth24-trunk name=\
eth5-320T94
set [ find default-name=ether6 ] comment=320T95 master-port=eth24-trunk name=\
eth6-320T95
set [ find default-name=ether7 ] comment="Access Control UPS P208" \
master-port=eth24-trunk name=eth7-accessups
set [ find default-name=ether8 ] comment="Access Control PoE Switch" \
master-port=eth24-trunk name=eth8-accessSW
set [ find default-name=ether9 ] comment="Cameras PoE Switch" master-port=\
eth24-trunk name=eth9-camSW
set [ find default-name=ether17 ] master-port=eth24-trunk name=eth17-bacnet
set [ find default-name=ether18 ] master-port=eth24-trunk name=eth18-bacnet
# Comments mirrored onto the neighbor-discovery entries; the discovery state
# itself is not visible in this export.
# NOTE(review): tenant-facing ports (eth1-eth6) are the ones where discovery
# announcements would disclose device identity and version -- verify it is
# disabled there.
/ip neighbor discovery
set eth1-320T90 comment=320T90
set eth2-320T91 comment=320T91
set eth3-320T92 comment=320T92
set eth4-320T93 comment=320T93
set eth5-320T94 comment=320T94
set eth6-320T95 comment=320T95
set eth7-accessups comment="Access Control UPS P208"
set eth8-accessSW comment="Access Control PoE Switch"
set eth9-camSW comment="Cameras PoE Switch"
# Ingress VLAN enforcement: on the listed ports, frames whose VLAN is invalid or
# whose source port is not a member of that VLAN are dropped.
# NOTE(review): ether22 and ether23 are members of VLAN 1 in the switch VLAN
# table of this export but are absent from this list, so the admin-facing ports
# do not get the same membership enforcement as every other active port.
# Consider adding them so the policy is uniform.
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="eth1-320T90,eth2-\
320T91,eth3-320T92,eth4-320T93,eth5-320T94,eth6-320T95,eth7-accessups,eth8\
-accessSW,eth9-camSW,eth24-trunk,eth17-bacnet,eth18-bacnet"
# Default IPsec proposal limited to AES-128-CBC. No IPsec peers or policies
# appear in this export, so the proposal is presumably unused on this switch.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
# The default SNMP community is renamed and restricted to the 10.0.0.0/24 admin
# subnet. A community name acts as the shared secret for SNMP v1/v2c and
# travels unencrypted; it is also printed in clear in this export.
# NOTE(review): the community's read/write access settings are not shown
# (export omits defaults) -- confirm it is read-only.
/snmp community
set [ find default=yes ] addresses=10.0.0.0/24 name=edoras
# Egress tagging: every VLAN leaves eth24-trunk tagged. VLAN 1 is additionally
# tagged towards switch1-cpu so the VLAN1 interface on the CPU receives it.
/interface ethernet switch egress-vlan-tag
add tagged-ports=eth24-trunk vlan-id=200
add tagged-ports=eth24-trunk vlan-id=201
add tagged-ports=eth24-trunk vlan-id=202
add tagged-ports=eth24-trunk vlan-id=203
add tagged-ports=eth24-trunk vlan-id=204
add tagged-ports=eth24-trunk vlan-id=205
add tagged-ports=eth24-trunk,switch1-cpu vlan-id=1
add tagged-ports=eth24-trunk vlan-id=13
add tagged-ports=eth24-trunk vlan-id=10
add tagged-ports=eth24-trunk vlan-id=12
# Ingress classification: untagged frames (customer-vid=0) arriving on each
# access port are assigned that port's VLAN.
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=200 ports=eth1-320T90 sa-learning=no
add customer-vid=0 new-customer-vid=201 ports=eth2-320T91 sa-learning=no
add customer-vid=0 new-customer-vid=202 ports=eth3-320T92 sa-learning=no
add customer-vid=0 new-customer-vid=203 ports=eth4-320T93 sa-learning=no
add customer-vid=0 new-customer-vid=204 ports=eth5-320T94 sa-learning=no
add customer-vid=0 new-customer-vid=205 ports=eth6-320T95 sa-learning=no
# Untagged frames on eth24-trunk, eth7-accessups, ether23 and ether22 all map to
# VLAN 1, i.e. the admin VLAN doubles as the trunk's untagged/native VLAN.
# NOTE(review): sa-learning=no is set on this rule and on the tenant rules but
# not on the VLAN 13/10/12 rules. With source-address learning off, frames for
# hosts behind these ports are presumably flooded to every member port of the
# VLAN rather than forwarded to one port -- confirm this is intended, both for
# admin-traffic exposure and for the connectivity problem described above.
add customer-vid=0 new-customer-vid=1 ports=\
eth24-trunk,eth7-accessups,ether23,ether22 sa-learning=no
add customer-vid=0 new-customer-vid=13 ports=eth8-accessSW
add customer-vid=0 new-customer-vid=10 ports=eth9-camSW
add customer-vid=0 new-customer-vid=12 ports=eth17-bacnet,eth18-bacnet
# Turns off DSCP-to-DSCP remapping on switch ports 0 through 25. This is a QoS
# setting only; it has no bearing on VLAN separation or management access.
/interface ethernet switch port
set 0 dscp-based-qos-dscp-to-dscp-mapping=no
set 1 dscp-based-qos-dscp-to-dscp-mapping=no
set 2 dscp-based-qos-dscp-to-dscp-mapping=no
set 3 dscp-based-qos-dscp-to-dscp-mapping=no
set 4 dscp-based-qos-dscp-to-dscp-mapping=no
set 5 dscp-based-qos-dscp-to-dscp-mapping=no
set 6 dscp-based-qos-dscp-to-dscp-mapping=no
set 7 dscp-based-qos-dscp-to-dscp-mapping=no
set 8 dscp-based-qos-dscp-to-dscp-mapping=no
set 9 dscp-based-qos-dscp-to-dscp-mapping=no
set 10 dscp-based-qos-dscp-to-dscp-mapping=no
set 11 dscp-based-qos-dscp-to-dscp-mapping=no
set 12 dscp-based-qos-dscp-to-dscp-mapping=no
set 13 dscp-based-qos-dscp-to-dscp-mapping=no
set 14 dscp-based-qos-dscp-to-dscp-mapping=no
set 15 dscp-based-qos-dscp-to-dscp-mapping=no
set 16 dscp-based-qos-dscp-to-dscp-mapping=no
set 17 dscp-based-qos-dscp-to-dscp-mapping=no
set 18 dscp-based-qos-dscp-to-dscp-mapping=no
set 19 dscp-based-qos-dscp-to-dscp-mapping=no
set 20 dscp-based-qos-dscp-to-dscp-mapping=no
set 21 dscp-based-qos-dscp-to-dscp-mapping=no
set 22 dscp-based-qos-dscp-to-dscp-mapping=no
set 23 dscp-based-qos-dscp-to-dscp-mapping=no
set 24 dscp-based-qos-dscp-to-dscp-mapping=no
set 25 dscp-based-qos-dscp-to-dscp-mapping=no
# VLAN membership table. Each tenant VLAN (200-205) contains exactly one access
# port plus the trunk, so tenant ports cannot reach each other at layer 2 on
# this switch.
/interface ethernet switch vlan
add ports=eth1-320T90,eth24-trunk vlan-id=200
add ports=eth2-320T91,eth24-trunk vlan-id=201
add ports=eth3-320T92,eth24-trunk vlan-id=202
add ports=eth4-320T93,eth24-trunk vlan-id=203
add ports=eth5-320T94,eth24-trunk vlan-id=204
add ports=eth6-320T95,eth24-trunk vlan-id=205
# VLAN 1 is the only VLAN that includes switch1-cpu: the switch's management
# plane is reachable from eth7-accessups, ether22, ether23 and the trunk.
# Anything attached to those ports (including Wi-Fi clients bridged by an AP on
# ether23) sits in the same layer-2 segment as switch management.
add ports=eth7-accessups,ether22,ether23,eth24-trunk,switch1-cpu vlan-id=1
add ports=eth8-accessSW,eth24-trunk vlan-id=13
add ports=eth9-camSW,eth24-trunk vlan-id=10
add ports=eth17-bacnet,eth18-bacnet,eth24-trunk vlan-id=12
# Management address of the switch, bound to the VLAN1 interface (admin subnet
# 10.0.0.0/24).
/ip address
add address=10.0.0.3/24 interface=VLAN1 network=10.0.0.0
# The switch resolves names through 10.0.0.1, which is also its default gateway
# in /ip route below.
/ip dns
set servers=10.0.0.1
# Input chain = traffic addressed to the switch's own CPU. Allowed: SSH from
# 10.0.0.0/24 and 10.0.1.0/24, SNMP (udp/161) from 10.0.0.0/24, ICMP arriving on
# VLAN1, and replies belonging to established/related connections. Everything
# else is dropped by the final input rule.
# NOTE(review): neither drop rule enables logging (only an empty log-prefix is
# set), so refused management attempts leave no trace; adding log=yes to the
# input drop would give a detection signal.
# NOTE(review): this filter only governs IP traffic. Layer-2 management
# (MAC-Telnet / MAC-WinBox) is configured elsewhere and is not shown in this
# export -- verify its state separately.
/ip firewall filter
add action=accept chain=input dst-port=22 log-prefix="" protocol=tcp \
src-address=10.0.0.0/24
add action=accept chain=input dst-port=22 log-prefix="" protocol=tcp \
src-address=10.0.1.0/24
add action=accept chain=input dst-port=161 log-prefix="" protocol=udp \
src-address=10.0.0.0/24
add action=accept chain=input in-interface=VLAN1 log-prefix="" protocol=icmp
add action=accept chain=input connection-state=established log-prefix=""
add action=accept chain=input connection-state=related log-prefix=""
add action=drop chain=input log-prefix=""
# Forward chain dropped outright: the switch CPU will not route packets between
# interfaces. Presumably hardware-switched frames never reach this chain, so it
# does not affect port-to-port switching -- confirm on the device.
add action=drop chain=forward log-prefix=""
# Web proxy cache path only; the export does not show the proxy being enabled.
/ip proxy
set cache-path=web-proxy1
# Single default route via 10.0.0.1.
/ip route
add distance=1 gateway=10.0.0.1
# Management services: telnet, ftp, www, api, winbox and api-ssl are disabled.
# ssh is not listed, so it is presumably left at its default (enabled), which
# matches the two SSH accept rules in the firewall input chain.
# NOTE(review): this section does not cover MAC-Telnet/MAC-WinBox; no
# /tool mac-server section appears in the export, so those are presumably at
# their defaults -- check and restrict them to the admin VLAN if in use.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
# Front-panel LCD is read-only, so configuration cannot be changed from the
# touchscreen by someone with physical access.
/lcd
set read-only-mode=yes
# SNMP agent enabled; combined with the community and firewall settings in this
# export it is reachable from 10.0.0.0/24 only.
/snmp
set contact=XXXXXXX@XXXXXX.net enabled=yes location="320 P209A"
/system clock
set time-zone-autodetect=no time-zone-name=America/Los_Angeles
/system identity
set name=hs320-P209A
/system leds
set 0 interface=sfp1
# Time is taken from an internal server (10.0.0.201); accurate clocks matter
# for correlating logs across the router and switches.
/system ntp client
set enabled=yes primary-ntp=10.0.0.201
# A RoMON port entry with default values. Whether RoMON itself is enabled is not
# shown here.
# NOTE(review): if RoMON is enabled, confirm a secret is set, since it provides
# a layer-2 management path independent of the IP firewall.
/tool romon port
add

Router Config

[knsadmin@hsgw2018] > export compact

# jan/10/2023 10:15:23 by RouterOS 6.48.6
# software id = 5ZQJ-8J0U
#
# model = CCR1036-12G-4S
# serial number = HCG
# One bridge per tenant unit (320T9x, 360T9x, Cxxx, Dxxx) plus eight service
# bridges (access, admin, bacnet, cam, pubsvcs, tjoy, voice, wifi). Each bridge
# is its own layer-2 domain on the router.
# NOTE(review): isolation between these bridges at layer 3 depends on
# /ip firewall forward rules, which are not part of the excerpt shown here --
# verify that tenant bridges cannot reach admin, cam, access or bacnet.
/interface bridge
add name=320T90
add name=320T91
add name=320T92
add name=320T93
add name=320T94
add name=320T95
add name=360T90
add name=360T91
add name=360T92
add name=360T93
add name=360T94
add name=C102
add name=C103
add name=C104
add name=C105
add name=C106
add name=C107
add name=C108
add name=C202
add name=C203
add name=C204
add name=C205
add name=C206
add name=C207
add name=C208
add name=C209
add name=C302
add name=C303
add name=C304
add name=C305
add name=C306
add name=C307
add name=C308
add name=C309
add name=C402
add name=C403
add name=C404
add name=C405
add name=C406
add name=C407
add name=C408
add name=C409
add name=C502
add name=C503
add name=C504
add name=C505
add name=C506
add name=C507
add name=C508
add name=C509
add name=C602
add name=C603
add name=C604
add name=C605
add name=D105
add name=D106
add name=D107
add name=D202
add name=D203
add name=D204
add name=D205
add name=D206
add name=D302
add name=D303
add name=D304
add name=D305
add name=D306
add name=D307
add name=D403
add name=D404
add name=D405
add name=D406
add name=D407
add name=D503
add name=D504
add name=D505
add name=D506
add name=D507
add name=D603
add name=D604
add name=access
add name=admin
add name=bacnet
add name=cam
add name=pubsvcs
add name=tjoy
add name=voice
add name=wifi
# Router physical ports: names encode what is attached (switch closets, core
# switch, VM host NICs, cameras, monitoring, Internet uplink, admin port).
# MAC addresses are set explicitly on every port and most copper ports are
# pinned to 100Mbps.
# NOTE(review): eth11-inet is presumably the WAN side judging by its name; the
# firewall rules protecting it are outside this excerpt.
/interface ethernet
set [ find default-name=ether1 ] mac-address=6C:3B:6B:C0:14:2E name=\
eth1-P209A speed=100Mbps
set [ find default-name=ether2 ] mac-address=6C:3B:6B:C0:14:2F name=\
eth2-coresw speed=100Mbps
set [ find default-name=ether3 ] mac-address=6C:3B:6B:C0:14:30 name=\
eth3-vmnic0 speed=100Mbps
set [ find default-name=ether4 ] mac-address=6C:3B:6B:C0:14:31 name=\
eth4-vmnic1 speed=100Mbps
set [ find default-name=ether5 ] mac-address=6C:3B:6B:C0:14:32 name=eth5-cam \
speed=100Mbps
set [ find default-name=ether6 ] mac-address=6C:3B:6B:C0:14:33 name=\
eth6-zabbix speed=100Mbps
set [ find default-name=ether7 ] mac-address=6C:3B:6B:C0:14:34 name=eth7-cam \
speed=100Mbps
set [ find default-name=ether11 ] mac-address=6C:3B:6B:C0:14:38 name=\
eth11-inet
set [ find default-name=ether12 ] mac-address=6C:3B:6B:C0:14:39 name=\
eth12-admin speed=100Mbps
set [ find default-name=ether8 ] mac-address=6C:3B:6B:C0:14:35 speed=100Mbps
set [ find default-name=ether9 ] mac-address=6C:3B:6B:C0:14:36 speed=100Mbps
set [ find default-name=ether10 ] mac-address=6C:3B:6B:C0:14:37 speed=100Mbps
# SFP uplinks to the four switch closets (C210A, C510A, D210A, D510A).
set [ find default-name=sfp1 ] advertise=10M-full,100M-full,1000M-full \
mac-address=6C:3B:6B:C0:14:2A name=sfp1-C210A
set [ find default-name=sfp2 ] advertise=10M-full,100M-full,1000M-full \
mac-address=6C:3B:6B:C0:14:2B name=sfp2-C510A
set [ find default-name=sfp3 ] advertise=10M-full,100M-full,1000M-full \
mac-address=6C:3B:6B:C0:14:2C name=sfp3-D210A
set [ find default-name=sfp4 ] advertise=10M-full,100M-full,1000M-full \
mac-address=6C:3B:6B:C0:14:2D name=sfp4-D510A
# Static L2TP server binding for remote access.
# NOTE(review): the L2TP server settings (authentication methods, use-ipsec)
# are not in this excerpt. L2TP on its own does not encrypt traffic, so confirm
# IPsec is required for this tunnel.
/interface l2tp-server
add name=l2tp-in1
# A PPTP server binding exists but is disabled. Keeping PPTP off is the right
# state: its authentication and encryption are considered broken.
/interface pptp-server
add disabled=yes
# Tagged VLAN sub-interfaces on the router's trunk ports. Naming is
# V<vlan-id>-<port>; most VLANs exist once on eth2-coresw and once on the closet
# uplink that serves the unit, and the two are later joined by a per-unit bridge.
#
# VLAN 1 (V1-*) is defined on every trunk. In the bridge-port section of this
# export both the physical trunk ports and these V1-* sub-interfaces are added
# to the "admin" bridge, so untagged frames and VLAN-1-tagged frames on a trunk
# both land in the admin network.
# NOTE(review): carrying management on VLAN 1 / untagged means any device that
# can emit untagged frames onto a trunk segment is in the admin broadcast
# domain. Confirm downstream switches never hand untagged trunk traffic to a
# tenant-facing port.
/interface vlan
add interface=eth1-P209A name=V1-P209A vlan-id=1
add interface=eth2-coresw name=V1-coresw vlan-id=1
add interface=sfp1-C210A name=V1-sfp1-C210A vlan-id=1
add interface=sfp2-C510A name=V1-sfp2-C510A vlan-id=1
add interface=sfp3-D210A name=V1-sfp3-D210A vlan-id=1
add interface=sfp4-D510A name=V1-sfp4-D510A vlan-id=1
add interface=eth3-vmnic0 name=V1-vmnic0 vlan-id=1
add interface=eth2-coresw name=V10-coresw vlan-id=10
add interface=eth1-P209A name=V10-eth1-P209A vlan-id=10
add interface=eth3-vmnic0 name=V10-vmnic0 vlan-id=10
add interface=eth2-coresw name=V11-coresw vlan-id=11
add interface=eth3-vmnic0 name=V11-vmnic0 vlan-id=11
add interface=eth2-coresw name=V12-coresw vlan-id=12
add interface=eth1-P209A name=V12-eth1-P209A vlan-id=12
add interface=eth3-vmnic0 name=V12-vmnic0 vlan-id=12
add interface=eth2-coresw name=V13-coresw vlan-id=13
add interface=eth1-P209A name=V13-eth1-P209A vlan-id=13
add interface=eth3-vmnic0 name=V13-vmnic0 vlan-id=13
add interface=eth2-coresw name=V20-coresw vlan-id=20
add interface=eth3-vmnic0 name=V20-vmnic0 vlan-id=20
add interface=eth2-coresw name=V21-coresw vlan-id=21
add interface=sfp1-C210A name=V21-sfp1-C210A vlan-id=21
add interface=sfp3-D210A name=V21-sfp3-D210A vlan-id=21
add interface=eth2-coresw name=V200-coresw vlan-id=200
add interface=eth1-P209A name=V200-eth1-P209A vlan-id=200
add interface=eth2-coresw name=V201-coresw vlan-id=201
add interface=eth1-P209A name=V201-eth1-P209A vlan-id=201
add interface=eth2-coresw name=V202-coresw vlan-id=202
add interface=eth1-P209A name=V202-eth1-P209A vlan-id=202
add interface=eth2-coresw name=V203-coresw vlan-id=203
add interface=eth1-P209A name=V203-eth1-P209A vlan-id=203
add interface=eth2-coresw name=V204-coresw vlan-id=204
add interface=eth1-P209A name=V204-eth1-P209A vlan-id=204
add interface=eth2-coresw name=V205-coresw vlan-id=205
add interface=eth1-P209A name=V205-eth1-P209A vlan-id=205
add interface=eth2-coresw name=V212-coresw vlan-id=212
add interface=sfp1-C210A name=V212-sfp1-C210A vlan-id=212
add interface=eth2-coresw name=V213-coresw vlan-id=213
add interface=sfp1-C210A name=V213-sfp1-C210A vlan-id=213
add interface=eth2-coresw name=V214-coresw vlan-id=214
add interface=sfp1-C210A name=V214-sfp1-C210A vlan-id=214
add interface=eth2-coresw name=V215-coresw vlan-id=215
add interface=sfp1-C210A name=V215-sfp1-C210A vlan-id=215
add interface=eth2-coresw name=V216-coresw vlan-id=216
add interface=sfp1-C210A name=V216-sfp1-C210A vlan-id=216
add interface=eth2-coresw name=V217-coresw vlan-id=217
add interface=sfp1-C210A name=V217-sfp1-C210A vlan-id=217
add interface=eth2-coresw name=V218-coresw vlan-id=218
add interface=sfp1-C210A name=V218-sfp1-C210A vlan-id=218
add interface=eth2-coresw name=V222-coresw vlan-id=222
add interface=sfp1-C210A name=V222-sfp1-C210A vlan-id=222
add interface=eth2-coresw name=V223-coresw vlan-id=223
add interface=sfp1-C210A name=V223-sfp1-C210A vlan-id=223
add interface=eth2-coresw name=V224-coresw vlan-id=224
add interface=sfp1-C210A name=V224-sfp1-C210A vlan-id=224
add interface=eth2-coresw name=V225-coresw vlan-id=225
add interface=sfp1-C210A name=V225-sfp1-C210A vlan-id=225
add interface=eth2-coresw name=V226-coresw vlan-id=226
add interface=sfp1-C210A name=V226-sfp1-C210A vlan-id=226
add interface=eth2-coresw name=V227-coresw vlan-id=227
add interface=sfp1-C210A name=V227-sfp1-C210A vlan-id=227
add interface=eth2-coresw name=V228-coresw vlan-id=228
add interface=sfp1-C210A name=V228-sfp1-C210A vlan-id=228
add interface=eth2-coresw name=V229-coresw vlan-id=229
add interface=sfp1-C210A name=V229-sfp1-C210A vlan-id=229
add interface=eth2-coresw name=V232-coresw vlan-id=232
add interface=sfp1-C210A name=V232-sfp1-C210A vlan-id=232
add interface=eth2-coresw name=V233-coresw vlan-id=233
add interface=sfp1-C210A name=V233-sfp1-C210A vlan-id=233
add interface=eth2-coresw name=V234-coresw vlan-id=234
add interface=sfp1-C210A name=V234-sfp1-C210A vlan-id=234
add interface=eth2-coresw name=V235-coresw vlan-id=235
add interface=sfp1-C210A name=V235-sfp1-C210A vlan-id=235
add interface=eth2-coresw name=V236-coresw vlan-id=236
add interface=sfp1-C210A name=V236-sfp1-C210A vlan-id=236
add interface=eth2-coresw name=V237-coresw vlan-id=237
add interface=sfp1-C210A name=V237-sfp1-C210A vlan-id=237
add interface=eth2-coresw name=V238-coresw vlan-id=238
add interface=sfp1-C210A name=V238-sfp1-C210A vlan-id=238
add interface=eth2-coresw name=V239-coresw vlan-id=239
add interface=sfp1-C210A name=V239-sfp1-C210A vlan-id=239
add interface=eth2-coresw name=V242-coresw vlan-id=242
add interface=sfp2-C510A name=V242-sfp2-C510A vlan-id=242
add interface=eth2-coresw name=V243-coresw vlan-id=243
add interface=sfp2-C510A name=V243-sfp2-C510A vlan-id=243
add interface=eth2-coresw name=V244-coresw vlan-id=244
add interface=sfp2-C510A name=V244-sfp2-C510A vlan-id=244
add interface=eth2-coresw name=V245-coresw vlan-id=245
add interface=sfp2-C510A name=V245-sfp2-C510A vlan-id=245
add interface=eth2-coresw name=V246-coresw vlan-id=246
add interface=sfp2-C510A name=V246-sfp2-C510A vlan-id=246
add interface=eth2-coresw name=V247-coresw vlan-id=247
add interface=sfp2-C510A name=V247-sfp2-C510A vlan-id=247
add interface=eth2-coresw name=V248-coresw vlan-id=248
add interface=sfp2-C510A name=V248-sfp2-C510A vlan-id=248
add interface=eth2-coresw name=V249-coresw vlan-id=249
add interface=sfp2-C510A name=V249-sfp2-C510A vlan-id=249
add interface=eth2-coresw name=V252-coresw vlan-id=252
add interface=sfp2-C510A name=V252-sfp2-C510A vlan-id=252
add interface=eth2-coresw name=V253-coresw vlan-id=253
add interface=sfp2-C510A name=V253-sfp2-C510A vlan-id=253
add interface=eth2-coresw name=V254-coresw vlan-id=254
add interface=sfp2-C510A name=V254-sfp2-C510A vlan-id=254
add interface=eth2-coresw name=V255-coresw vlan-id=255
add interface=sfp2-C510A name=V255-sfp2-C510A vlan-id=255
add interface=eth2-coresw name=V256-coresw vlan-id=256
add interface=sfp2-C510A name=V256-sfp2-C510A vlan-id=256
add interface=eth2-coresw name=V257-coresw vlan-id=257
add interface=sfp2-C510A name=V257-sfp2-C510A vlan-id=257
add interface=eth2-coresw name=V258-coresw vlan-id=258
add interface=sfp2-C510A name=V258-sfp2-C510A vlan-id=258
add interface=eth2-coresw name=V259-coresw vlan-id=259
add interface=sfp2-C510A name=V259-sfp2-C510A vlan-id=259
add interface=eth2-coresw name=V262-coresw vlan-id=262
add interface=sfp2-C510A name=V262-sfp2-C510A vlan-id=262
add interface=eth2-coresw name=V263-coresw vlan-id=263
add interface=sfp2-C510A name=V263-sfp2-C510A vlan-id=263
add interface=eth2-coresw name=V264-coresw vlan-id=264
add interface=sfp2-C510A name=V264-sfp2-C510A vlan-id=264
add interface=eth2-coresw name=V265-coresw vlan-id=265
add interface=sfp2-C510A name=V265-sfp2-C510A vlan-id=265
add interface=eth2-coresw name=V600-coresw vlan-id=600
add interface=eth2-coresw name=V601-coresw vlan-id=601
add interface=eth2-coresw name=V602-coresw vlan-id=602
add interface=eth2-coresw name=V603-coresw vlan-id=603
add interface=eth2-coresw name=V604-coresw vlan-id=604
add interface=eth2-coresw name=V615-coresw vlan-id=615
add interface=sfp3-D210A name=V615-sfp3-D210A vlan-id=615
add interface=eth2-coresw name=V616-coresw vlan-id=616
add interface=sfp3-D210A name=V616-sfp3-D210A vlan-id=616
add interface=eth2-coresw name=V617-coresw vlan-id=617
add interface=sfp3-D210A name=V617-sfp3-D210A vlan-id=617
add interface=eth2-coresw name=V622-coresw vlan-id=622
add interface=sfp3-D210A name=V622-sfp3-D210A vlan-id=622
add interface=eth2-coresw name=V623-coresw vlan-id=623
add interface=sfp3-D210A name=V623-sfp3-D210A vlan-id=623
add interface=eth2-coresw name=V624-coresw vlan-id=624
add interface=sfp3-D210A name=V624-sfp3-D210A vlan-id=624
add interface=eth2-coresw name=V625-coresw vlan-id=625
add interface=sfp3-D210A name=V625-sfp3-D210A vlan-id=625
add interface=eth2-coresw name=V626-coresw vlan-id=626
add interface=sfp3-D210A name=V626-sfp3-D210A vlan-id=626
add interface=eth2-coresw name=V632-coresw vlan-id=632
add interface=sfp3-D210A name=V632-sfp3-D210A vlan-id=632
add interface=eth2-coresw name=V633-coresw vlan-id=633
add interface=sfp3-D210A name=V633-sfp3-D210A vlan-id=633
add interface=eth2-coresw name=V634-coresw vlan-id=634
add interface=sfp3-D210A name=V634-sfp3-D210A vlan-id=634
add interface=eth2-coresw name=V635-coresw vlan-id=635
add interface=sfp3-D210A name=V635-sfp3-D210A vlan-id=635
add interface=eth2-coresw name=V636-coresw vlan-id=636
add interface=sfp3-D210A name=V636-sfp3-D210A vlan-id=636
add interface=eth2-coresw name=V637-coresw vlan-id=637
add interface=sfp3-D210A name=V637-sfp3-D210A vlan-id=637
add interface=eth2-coresw name=V643-coresw vlan-id=643
add interface=sfp4-D510A name=V643-sfp4-D510A vlan-id=643
add interface=eth2-coresw name=V644-coresw vlan-id=644
add interface=sfp4-D510A name=V644-sfp4-D510A vlan-id=644
add interface=eth2-coresw name=V645-coresw vlan-id=645
add interface=sfp4-D510A name=V645-sfp4-D510A vlan-id=645
add interface=eth2-coresw name=V646-coresw vlan-id=646
add interface=sfp4-D510A name=V646-sfp4-D510A vlan-id=646
add interface=eth2-coresw name=V647-coresw vlan-id=647
add interface=sfp4-D510A name=V647-sfp4-D510A vlan-id=647
add interface=eth2-coresw name=V653-coresw vlan-id=653
add interface=sfp4-D510A name=V653-sfp4-D510A vlan-id=653
add interface=eth2-coresw name=V654-coresw vlan-id=654
add interface=sfp4-D510A name=V654-sfp4-D510A vlan-id=654
add interface=eth2-coresw name=V655-coresw vlan-id=655
add interface=sfp4-D510A name=V655-sfp4-D510A vlan-id=655
add interface=eth2-coresw name=V656-coresw vlan-id=656
add interface=sfp4-D510A name=V656-sfp4-D510A vlan-id=656
add interface=eth2-coresw name=V657-coresw vlan-id=657
add interface=sfp4-D510A name=V657-sfp4-D510A vlan-id=657
add interface=eth2-coresw name=V663-coresw vlan-id=663
add interface=sfp4-D510A name=V663-sfp4-D510A vlan-id=663
add interface=eth2-coresw name=V664-coresw vlan-id=664
add interface=sfp4-D510A name=V664-sfp4-D510A vlan-id=664
add interface=eth2-coresw name=V951-coresw vlan-id=951
add interface=sfp4-D510A name=V951-sfp4-D510A vlan-id=951
add interface=eth3-vmnic0 name=V951-vmnic0 vlan-id=951
# Interface list "discover" excluding dynamic interfaces. No members are added
# in the visible part of the export.
/interface list
add exclude=dynamic name=discover
# Default wireless security profile, supplicant identity only. The CCR has no
# radios, so this is presumably an unused default.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# DHCP server for the pubsvcs bridge, answering from 10.0.20.1 with a 3-day
# lease. No address-pool is set on this line.
# NOTE(review): confirm how pubsvcs clients are assigned addresses (static
# leases or a pool defined outside this excerpt).
/ip dhcp-server
add authoritative=after-2sec-delay disabled=no interface=pubsvcs lease-time=\
3d name=pubsvcs src-address=10.0.20.1
# DHCP/VPN address pools. Service networks sit in 10.0.x.0, C-building units in
# 10.20.x.0, D-building units in 10.60.x.0; each tenant unit gets its own range.
# The "vpn" pool (10.0.1.10-10.0.1.254) falls inside 10.0.1.0/24, the second
# source range that the switch's firewall input chain accepts for SSH, so
# remote-access users can reach switch management by design.
# NOTE(review): the "admin" pool hands out almost the whole 10.0.0.0/24, the
# same subnet trusted for SSH and SNMP on the switch. Any device that obtains an
# admin lease (for example a client on the admin Wi-Fi) inherits that trust.
/ip pool
add name=admin ranges=10.0.0.10-10.0.0.254
add name=wifi ranges=10.0.21.10-10.0.21.254
add name=tjoy ranges=10.95.1.10-10.95.1.250
add name=bacnet ranges=10.0.12.50-10.0.12.80
add name=dhcp-access ranges=10.0.13.10-10.0.13.254
add name=dhcp-cam ranges=10.0.10.10-10.0.10.254
add name=dhcp-voice ranges=10.0.11.2-10.0.11.100
add name=C502 ranges=10.20.52.10-10.20.52.254
add name=C503 ranges=10.20.53.10-10.20.53.254
add name=C504 ranges=10.20.54.10-10.20.54.254
add name=C505 ranges=10.20.55.10-10.20.55.254
add name=C506 ranges=10.20.56.10-10.20.56.254
add name=C507 ranges=10.20.57.10-10.20.57.254
add name=C508 ranges=10.20.58.10-10.20.58.254
add name=C509 ranges=10.20.59.10-10.20.59.254
add name=C402 ranges=10.20.42.10-10.20.42.254
add name=C403 ranges=10.20.43.10-10.20.43.254
add name=C404 ranges=10.20.44.10-10.20.44.254
add name=C405 ranges=10.20.45.10-10.20.45.254
add name=C406 ranges=10.20.46.10-10.20.46.254
add name=C407 ranges=10.20.47.10-10.20.47.254
add name=C408 ranges=10.20.48.10-10.20.48.254
add name=C409 ranges=10.20.49.10-10.20.49.254
add name=C302 ranges=10.20.32.10-10.20.32.254
add name=C303 ranges=10.20.33.10-10.20.33.254
add name=C304 ranges=10.20.34.10-10.20.34.254
add name=C305 ranges=10.20.35.10-10.20.35.254
add name=C306 ranges=10.20.36.10-10.20.36.254
add name=C307 ranges=10.20.37.10-10.20.37.254
add name=C308 ranges=10.20.38.10-10.20.38.254
add name=C309 ranges=10.20.39.10-10.20.39.254
add name=C202 ranges=10.20.22.10-10.20.22.254
add name=C203 ranges=10.20.23.10-10.20.23.254
add name=C204 ranges=10.20.24.10-10.20.24.254
add name=C205 ranges=10.20.25.10-10.20.25.254
add name=C206 ranges=10.20.26.10-10.20.26.254
add name=C207 ranges=10.20.27.10-10.20.27.254
add name=C208 ranges=10.20.28.10-10.20.28.254
add name=C209 ranges=10.20.29.10-10.20.29.254
add name=C102 ranges=10.20.12.10-10.20.12.254
add name=C103 ranges=10.20.13.10-10.20.13.254
add name=C104 ranges=10.20.14.10-10.20.14.254
add name=C105 ranges=10.20.15.10-10.20.15.254
add name=C106 ranges=10.20.16.10-10.20.16.254
add name=C107 ranges=10.20.17.10-10.20.17.254
add name=C108 ranges=10.20.18.10-10.20.18.254
add name=C602 ranges=10.20.62.10-10.20.62.254
add name=C603 ranges=10.20.63.10-10.20.63.254
add name=C604 ranges=10.20.64.10-10.20.64.254
add name=C605 ranges=10.20.65.10-10.20.65.254
add name=D105 ranges=10.60.15.10-10.60.15.254
add name=D106 ranges=10.60.16.10-10.60.16.254
add name=D107 ranges=10.60.17.10-10.60.17.254
add name=D203 ranges=10.60.23.10-10.60.23.254
add name=D204 ranges=10.60.24.10-10.60.24.254
add name=D205 ranges=10.60.25.10-10.60.25.254
add name=D206 ranges=10.60.26.10-10.60.26.254
add name=D303 ranges=10.60.33.10-10.60.33.254
add name=D304 ranges=10.60.34.10-10.60.34.254
add name=D305 ranges=10.60.35.10-10.60.35.254
add name=D306 ranges=10.60.36.10-10.60.36.254
add name=D307 ranges=10.60.37.10-10.60.37.254
add name=D403 ranges=10.60.43.10-10.60.43.254
add name=D404 ranges=10.60.44.10-10.60.44.254
add name=D405 ranges=10.60.45.10-10.60.45.254
add name=D406 ranges=10.60.46.10-10.60.46.254
add name=D407 ranges=10.60.47.10-10.60.47.254
add name=D503 ranges=10.60.53.10-10.60.53.254
add name=D504 ranges=10.60.54.10-10.60.54.254
add name=D505 ranges=10.60.55.10-10.60.55.254
add name=D506 ranges=10.60.56.10-10.60.56.254
add name=D507 ranges=10.60.57.10-10.60.57.254
add name=D603 ranges=10.60.63.10-10.60.63.254
add name=D604 ranges=10.60.64.10-10.60.64.254
add name=320T90 ranges=10.20.0.10-10.20.0.254
add name=320T91 ranges=10.20.1.10-10.20.1.254
add name=320T92 ranges=10.20.2.10-10.20.2.254
add name=320T93 ranges=10.20.3.10-10.20.3.254
add name=320T94 ranges=10.20.4.10-10.20.4.254
add name=320T95 ranges=10.20.5.10-10.20.5.254
add name=360T90 ranges=10.60.0.10-10.60.0.254
add name=360T91 ranges=10.60.1.10-10.60.1.254
add name=360T92 ranges=10.60.2.10-10.60.2.254
add name=360T93 ranges=10.60.3.10-10.60.3.254
add name=360T94 ranges=10.60.4.10-10.60.4.254
add name=vpn ranges=10.0.1.10-10.0.1.254
# DHCP server for the admin bridge, leasing from the "admin" pool for one day.
# Only this server is visible here; the per-tenant DHCP servers appear to have
# been trimmed from the posted export.
/ip dhcp-server
add address-pool=admin disabled=no interface=admin lease-time=1d name=admin

# Bandwidth hierarchy: a 1G parent "inet" with two children, "units" capped at
# 600M and "services" guaranteed 100M and capped at 500M. Traffic shaping only.
/queue tree
add max-limit=1G name=inet parent=global
add burst-time=10s max-limit=600M name=units parent=inet
add limit-at=100M max-limit=500M name=services parent=inet

# The router's default SNMP community accepts queries from any source address
# (0.0.0.0/0). The community name is not changed on this line, unlike on the
# switch, where it is renamed and limited to 10.0.0.0/24.
# NOTE(review): whether SNMP is enabled on the router is not visible in this
# excerpt. If it is, restrict addresses to the monitoring host or admin subnet
# and replace the default community name.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
# Policy set of the built-in "full" group. It includes telnet, ftp, sniff and
# sensitive (the last one allows viewing stored secrets).
# NOTE(review): the user list is not part of this excerpt -- check which
# accounts belong to "full" and move day-to-day or monitoring accounts to a
# narrower group.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=admin hw=no interface=eth12-admin
add bridge=320T90 interface=V200-eth1-P209A
add bridge=320T90 interface=V200-coresw
add bridge=320T91 interface=V201-eth1-P209A
add bridge=320T91 interface=V201-coresw
add bridge=320T92 interface=V202-eth1-P209A
add bridge=320T92 interface=V202-coresw
add bridge=320T93 interface=V203-eth1-P209A
add bridge=320T93 interface=V203-coresw
add bridge=320T94 interface=V204-eth1-P209A
add bridge=320T94 interface=V204-coresw
add bridge=320T95 interface=V205-eth1-P209A
add bridge=320T95 interface=V205-coresw
add bridge=C402 interface=V242-sfp2-C510A
add bridge=C402 interface=V242-coresw
add bridge=C403 interface=V243-sfp2-C510A
add bridge=C403 interface=V243-coresw
add bridge=C404 interface=V244-sfp2-C510A
add bridge=C404 interface=V244-coresw
add bridge=C405 interface=V245-sfp2-C510A
add bridge=C405 interface=V245-coresw
add bridge=C406 interface=V246-sfp2-C510A
add bridge=C406 interface=V246-coresw
add bridge=C407 interface=V247-sfp2-C510A
add bridge=C407 interface=V247-coresw
add bridge=C408 interface=V248-sfp2-C510A
add bridge=C408 interface=V248-coresw
add bridge=C409 interface=V249-sfp2-C510A
add bridge=C409 interface=V249-coresw
add bridge=C502 interface=V252-sfp2-C510A
add bridge=C502 interface=V252-coresw
add bridge=C503 interface=V253-sfp2-C510A
add bridge=C503 interface=V253-coresw
add bridge=C504 interface=V254-sfp2-C510A
add bridge=C504 interface=V254-coresw
add bridge=C505 interface=V255-sfp2-C510A
add bridge=C505 interface=V255-coresw
add bridge=C506 interface=V256-sfp2-C510A
add bridge=C506 interface=V256-coresw
add bridge=C507 interface=V257-sfp2-C510A
add bridge=C507 interface=V257-coresw
add bridge=C508 interface=V258-sfp2-C510A
add bridge=C508 interface=V258-coresw
add bridge=C509 interface=V259-sfp2-C510A
add bridge=C509 interface=V259-coresw
add bridge=C602 interface=V262-sfp2-C510A
add bridge=C602 interface=V262-coresw
add bridge=C603 interface=V263-sfp2-C510A
add bridge=C603 interface=V263-coresw
add bridge=C604 interface=V264-sfp2-C510A
add bridge=C604 interface=V264-coresw
add bridge=C605 interface=V265-sfp2-C510A
add bridge=C605 interface=V265-coresw
add bridge=D403 interface=V643-sfp4-D510A
add bridge=D403 interface=V643-coresw
add bridge=D404 interface=V644-sfp4-D510A
add bridge=D404 interface=V644-coresw
add bridge=D405 interface=V645-sfp4-D510A
add bridge=D405 interface=V645-coresw
add bridge=D406 interface=V646-sfp4-D510A
add bridge=D406 interface=V646-coresw
add bridge=D407 interface=V647-sfp4-D510A
add bridge=D407 interface=V647-coresw
add bridge=D503 interface=V653-sfp4-D510A
add bridge=D503 interface=V653-coresw
add bridge=D504 interface=V654-sfp4-D510A
add bridge=D504 interface=V654-coresw
add bridge=D505 interface=V655-sfp4-D510A
add bridge=D505 interface=V655-coresw
add bridge=D506 interface=V656-sfp4-D510A
add bridge=D506 interface=V656-coresw
add bridge=D507 interface=V657-sfp4-D510A
add bridge=D507 interface=V657-coresw
add bridge=D603 interface=V663-sfp4-D510A
add bridge=D603 interface=V663-coresw
add bridge=D604 interface=V664-sfp4-D510A
add bridge=D604 interface=V664-coresw
add bridge=C102 interface=V212-sfp1-C210A
add bridge=C102 interface=V212-coresw
add bridge=C103 interface=V213-sfp1-C210A
add bridge=C103 interface=V213-coresw
add bridge=C104 interface=V214-sfp1-C210A
add bridge=C104 interface=V214-coresw
add bridge=C105 interface=V215-sfp1-C210A
add bridge=C105 interface=V215-coresw
add bridge=C106 interface=V216-sfp1-C210A
add bridge=C106 interface=V216-coresw
add bridge=C107 interface=V217-sfp1-C210A
add bridge=C107 interface=V217-coresw
add bridge=C108 interface=V218-sfp1-C210A
add bridge=C108 interface=V218-coresw
add bridge=C202 interface=V222-sfp1-C210A
add bridge=C202 interface=V222-coresw
add bridge=C203 interface=V223-sfp1-C210A
add bridge=C203 interface=V223-coresw
add bridge=C204 interface=V224-sfp1-C210A
add bridge=C204 interface=V224-coresw
add bridge=C205 interface=V225-sfp1-C210A
add bridge=C205 interface=V225-coresw
add bridge=C206 interface=V226-sfp1-C210A
add bridge=C206 interface=V226-coresw
add bridge=C207 interface=V227-sfp1-C210A
add bridge=C207 interface=V227-coresw
add bridge=C208 interface=V228-sfp1-C210A
add bridge=C208 interface=V228-coresw
add bridge=C209 interface=V229-sfp1-C210A
add bridge=C209 interface=V229-coresw
add bridge=C302 interface=V232-sfp1-C210A
add bridge=C302 interface=V232-coresw
add bridge=C303 interface=V233-sfp1-C210A
add bridge=C303 interface=V233-coresw
add bridge=C304 interface=V234-sfp1-C210A
add bridge=C304 interface=V234-coresw
add bridge=C305 interface=V235-sfp1-C210A
add bridge=C305 interface=V235-coresw
add bridge=C306 interface=V236-sfp1-C210A
add bridge=C306 interface=V236-coresw
add bridge=C307 interface=V237-sfp1-C210A
add bridge=C307 interface=V237-coresw
add bridge=C308 interface=V238-sfp1-C210A
add bridge=C308 interface=V238-coresw
add bridge=C309 interface=V239-sfp1-C210A
add bridge=C309 interface=V239-coresw
add bridge=D105 interface=V615-sfp3-D210A
add bridge=D105 interface=V615-coresw
add bridge=D106 interface=V616-sfp3-D210A
add bridge=D106 interface=V616-coresw
add bridge=D107 interface=V617-sfp3-D210A
add bridge=D107 interface=V617-coresw
add bridge=D202 interface=V622-sfp3-D210A
add bridge=D202 interface=V622-coresw
add bridge=D203 interface=V623-sfp3-D210A
add bridge=D203 interface=V623-coresw
add bridge=D204 interface=V624-sfp3-D210A
add bridge=D204 interface=V624-coresw
add bridge=D205 interface=V625-sfp3-D210A
add bridge=D205 interface=V625-coresw
add bridge=D206 interface=V626-sfp3-D210A
add bridge=D206 interface=V626-coresw
add bridge=D302 interface=V632-sfp3-D210A
add bridge=D302 interface=V632-coresw
add bridge=D303 interface=V633-sfp3-D210A
add bridge=D303 interface=V633-coresw
add bridge=D304 interface=V634-sfp3-D210A
add bridge=D304 interface=V634-coresw
add bridge=D305 interface=V635-sfp3-D210A
add bridge=D305 interface=V635-coresw
add bridge=D306 interface=V636-sfp3-D210A
add bridge=D306 interface=V636-coresw
add bridge=D307 interface=V637-sfp3-D210A
add bridge=D307 interface=V637-coresw
add bridge=cam interface=V10-coresw
add bridge=voice interface=V11-coresw
add bridge=bacnet interface=V12-coresw
add bridge=pubsvcs interface=V20-coresw
add bridge=wifi interface=V21-coresw
add bridge=access interface=V13-coresw
add bridge=tjoy interface=V951-coresw
add bridge=360T90 interface=V600-coresw
add bridge=360T91 interface=V601-coresw
add bridge=360T92 interface=V602-coresw
add bridge=360T93 interface=V603-coresw
add bridge=360T94 interface=V604-coresw
add bridge=admin hw=no interface=eth2-coresw
add bridge=admin hw=no interface=sfp1-C210A
add bridge=admin hw=no interface=sfp2-C510A
add bridge=admin hw=no interface=sfp3-D210A
add bridge=admin hw=no interface=sfp4-D510A
add bridge=admin interface=V1-coresw
add bridge=admin interface=V1-sfp1-C210A
add bridge=admin interface=V1-sfp2-C510A
add bridge=admin interface=V1-sfp3-D210A
add bridge=admin interface=V1-sfp4-D510A
add bridge=tjoy interface=V951-sfp4-D510A
add bridge=wifi interface=V21-sfp1-C210A
add bridge=wifi interface=V21-sfp3-D210A
add bridge=admin hw=no interface=eth3-vmnic0
add bridge=admin interface=V1-vmnic0
add bridge=pubsvcs interface=V20-vmnic0
add bridge=voice interface=V11-vmnic0
add bridge=bacnet interface=V12-vmnic0
add bridge=access interface=V13-vmnic0
add bridge=tjoy interface=V951-vmnic0
add bridge=cam hw=no interface=eth4-vmnic1
add bridge=cam hw=no interface=eth5-cam
add bridge=access interface=V13-eth1-P209A
add bridge=cam interface=V10-eth1-P209A
add bridge=admin hw=no interface=eth1-P209A
add bridge=admin interface=V1-P209A
add bridge=admin hw=no interface=eth6-zabbix
add bridge=cam hw=no interface=eth7-cam
add bridge=bacnet interface=V12-eth1-P209A
# Neighbor discovery is enabled on every member of the interface list
# "discover", which the entries below populate.
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
# Physical ports and the admin bridge.
# NOTE(review): eth11-inet is the port the input chain treats as the outside
# interface (in-interface=eth11-inet on the IPsec/L2TP rules), so with it in
# this list the router also sends and listens for discovery packets on the
# uplink. Discovery announcements carry the device identity and RouterOS
# version; consider taking eth11-inet out of the list.
add interface=sfp1-C210A list=discover
add interface=sfp2-C510A list=discover
add interface=sfp3-D210A list=discover
add interface=sfp4-D510A list=discover
add interface=eth1-P209A list=discover
add interface=eth2-coresw list=discover
add interface=eth3-vmnic0 list=discover
add interface=eth4-vmnic1 list=discover
add interface=eth5-cam list=discover
add interface=eth6-zabbix list=discover
add interface=eth7-cam list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface=eth11-inet list=discover
add interface=eth12-admin list=discover
add interface=admin list=discover
# Remaining members of the "discover" list: the numbered bridges (320T9x,
# Cxxx, Dxxx, 360T9x), their VLAN sub-interfaces, and the service bridges
# (cam, voice, bacnet, pubsvcs, wifi, access, tjoy).
# NOTE(review): the thread describes these VLANs as tenant and building-system
# networks, so neighbor discovery presumably announces the router (identity,
# RouterOS version) into tenant segments as well. A list limited to the
# admin-side interfaces would avoid that; confirm against the live device.
add interface=320T90 list=discover
add interface=V200-eth1-P209A list=discover
add interface=V200-coresw list=discover
add interface=320T91 list=discover
add interface=V201-eth1-P209A list=discover
add interface=V201-coresw list=discover
add interface=320T92 list=discover
add interface=V202-eth1-P209A list=discover
add interface=V202-coresw list=discover
add interface=320T93 list=discover
add interface=V203-eth1-P209A list=discover
add interface=V203-coresw list=discover
add interface=320T94 list=discover
add interface=V204-eth1-P209A list=discover
add interface=V204-coresw list=discover
add interface=320T95 list=discover
add interface=V205-eth1-P209A list=discover
add interface=V205-coresw list=discover
add interface=C402 list=discover
add interface=V242-sfp2-C510A list=discover
add interface=V242-coresw list=discover
add interface=C403 list=discover
add interface=V243-sfp2-C510A list=discover
add interface=V243-coresw list=discover
add interface=C404 list=discover
add interface=V244-sfp2-C510A list=discover
add interface=V244-coresw list=discover
add interface=C405 list=discover
add interface=V245-sfp2-C510A list=discover
add interface=V245-coresw list=discover
add interface=C406 list=discover
add interface=V246-sfp2-C510A list=discover
add interface=V246-coresw list=discover
add interface=C407 list=discover
add interface=V247-sfp2-C510A list=discover
add interface=V247-coresw list=discover
add interface=C408 list=discover
add interface=V248-sfp2-C510A list=discover
add interface=V248-coresw list=discover
add interface=C409 list=discover
add interface=V249-sfp2-C510A list=discover
add interface=V249-coresw list=discover
add interface=C502 list=discover
add interface=V252-sfp2-C510A list=discover
add interface=V252-coresw list=discover
add interface=C503 list=discover
add interface=V253-sfp2-C510A list=discover
add interface=V253-coresw list=discover
add interface=C504 list=discover
add interface=V254-sfp2-C510A list=discover
add interface=V254-coresw list=discover
add interface=C505 list=discover
add interface=V255-sfp2-C510A list=discover
add interface=V255-coresw list=discover
add interface=C506 list=discover
add interface=V256-sfp2-C510A list=discover
add interface=V256-coresw list=discover
add interface=C507 list=discover
add interface=V257-sfp2-C510A list=discover
add interface=V257-coresw list=discover
add interface=C508 list=discover
add interface=V258-sfp2-C510A list=discover
add interface=V258-coresw list=discover
add interface=C509 list=discover
add interface=V259-sfp2-C510A list=discover
add interface=V259-coresw list=discover
add interface=C602 list=discover
add interface=V262-sfp2-C510A list=discover
add interface=V262-coresw list=discover
add interface=C603 list=discover
add interface=V263-sfp2-C510A list=discover
add interface=V263-coresw list=discover
add interface=C604 list=discover
add interface=V264-sfp2-C510A list=discover
add interface=V264-coresw list=discover
add interface=C605 list=discover
add interface=V265-sfp2-C510A list=discover
add interface=V265-coresw list=discover
add interface=D403 list=discover
add interface=V643-sfp4-D510A list=discover
add interface=V643-coresw list=discover
add interface=D404 list=discover
add interface=V644-sfp4-D510A list=discover
add interface=V644-coresw list=discover
add interface=D405 list=discover
add interface=V645-sfp4-D510A list=discover
add interface=V645-coresw list=discover
add interface=D406 list=discover
add interface=V646-sfp4-D510A list=discover
add interface=V646-coresw list=discover
add interface=D407 list=discover
add interface=V647-sfp4-D510A list=discover
add interface=V647-coresw list=discover
add interface=D503 list=discover
add interface=V653-sfp4-D510A list=discover
add interface=V653-coresw list=discover
add interface=D504 list=discover
add interface=V654-sfp4-D510A list=discover
add interface=V654-coresw list=discover
add interface=D505 list=discover
add interface=V655-sfp4-D510A list=discover
add interface=V655-coresw list=discover
add interface=D506 list=discover
add interface=V656-sfp4-D510A list=discover
add interface=V656-coresw list=discover
add interface=D507 list=discover
add interface=V657-sfp4-D510A list=discover
add interface=V657-coresw list=discover
add interface=D603 list=discover
add interface=V663-sfp4-D510A list=discover
add interface=V663-coresw list=discover
add interface=D604 list=discover
add interface=V664-sfp4-D510A list=discover
add interface=V664-coresw list=discover
add interface=C102 list=discover
add interface=V212-sfp1-C210A list=discover
add interface=V212-coresw list=discover
add interface=C103 list=discover
add interface=V213-sfp1-C210A list=discover
add interface=V213-coresw list=discover
add interface=C104 list=discover
add interface=V214-sfp1-C210A list=discover
add interface=V214-coresw list=discover
add interface=C105 list=discover
add interface=V215-sfp1-C210A list=discover
add interface=V215-coresw list=discover
add interface=C106 list=discover
add interface=V216-sfp1-C210A list=discover
add interface=V216-coresw list=discover
add interface=C107 list=discover
add interface=V217-sfp1-C210A list=discover
add interface=V217-coresw list=discover
add interface=C108 list=discover
add interface=V218-sfp1-C210A list=discover
add interface=V218-coresw list=discover
add interface=C202 list=discover
add interface=V222-sfp1-C210A list=discover
add interface=V222-coresw list=discover
add interface=C203 list=discover
add interface=V223-sfp1-C210A list=discover
add interface=V223-coresw list=discover
add interface=C204 list=discover
add interface=V224-sfp1-C210A list=discover
add interface=V224-coresw list=discover
add interface=C205 list=discover
add interface=V225-sfp1-C210A list=discover
add interface=V225-coresw list=discover
add interface=C206 list=discover
add interface=V226-sfp1-C210A list=discover
add interface=V226-coresw list=discover
add interface=C207 list=discover
add interface=V227-sfp1-C210A list=discover
add interface=V227-coresw list=discover
add interface=C208 list=discover
add interface=V228-sfp1-C210A list=discover
add interface=V228-coresw list=discover
add interface=C209 list=discover
add interface=V229-sfp1-C210A list=discover
add interface=V229-coresw list=discover
add interface=C302 list=discover
add interface=V232-sfp1-C210A list=discover
add interface=V232-coresw list=discover
add interface=C303 list=discover
add interface=V233-sfp1-C210A list=discover
add interface=V233-coresw list=discover
add interface=C304 list=discover
add interface=V234-sfp1-C210A list=discover
add interface=V234-coresw list=discover
add interface=C305 list=discover
add interface=V235-sfp1-C210A list=discover
add interface=V235-coresw list=discover
add interface=C306 list=discover
add interface=V236-sfp1-C210A list=discover
add interface=V236-coresw list=discover
add interface=C307 list=discover
add interface=V237-sfp1-C210A list=discover
add interface=V237-coresw list=discover
add interface=C308 list=discover
add interface=V238-sfp1-C210A list=discover
add interface=V238-coresw list=discover
add interface=C309 list=discover
add interface=V239-sfp1-C210A list=discover
add interface=V239-coresw list=discover
add interface=D105 list=discover
add interface=V615-sfp3-D210A list=discover
add interface=V615-coresw list=discover
add interface=D106 list=discover
add interface=V616-sfp3-D210A list=discover
add interface=V616-coresw list=discover
add interface=D107 list=discover
add interface=V617-sfp3-D210A list=discover
add interface=V617-coresw list=discover
add interface=D202 list=discover
add interface=V622-sfp3-D210A list=discover
add interface=V622-coresw list=discover
add interface=D203 list=discover
add interface=V623-sfp3-D210A list=discover
add interface=V623-coresw list=discover
add interface=D204 list=discover
add interface=V624-sfp3-D210A list=discover
add interface=V624-coresw list=discover
add interface=D205 list=discover
add interface=V625-sfp3-D210A list=discover
add interface=V625-coresw list=discover
add interface=D206 list=discover
add interface=V626-sfp3-D210A list=discover
add interface=V626-coresw list=discover
add interface=D302 list=discover
add interface=V632-sfp3-D210A list=discover
add interface=V632-coresw list=discover
add interface=D303 list=discover
add interface=V633-sfp3-D210A list=discover
add interface=V633-coresw list=discover
add interface=D304 list=discover
add interface=V634-sfp3-D210A list=discover
add interface=V634-coresw list=discover
add interface=D305 list=discover
add interface=V635-sfp3-D210A list=discover
add interface=V635-coresw list=discover
add interface=D306 list=discover
add interface=V636-sfp3-D210A list=discover
add interface=V636-coresw list=discover
add interface=D307 list=discover
add interface=V637-sfp3-D210A list=discover
add interface=V637-coresw list=discover
add interface=cam list=discover
add interface=V10-coresw list=discover
add interface=voice list=discover
add interface=V11-coresw list=discover
add interface=bacnet list=discover
add interface=V12-coresw list=discover
add interface=pubsvcs list=discover
add interface=V20-coresw list=discover
add interface=wifi list=discover
add interface=V21-coresw list=discover
add interface=access list=discover
add interface=V13-coresw list=discover
add interface=tjoy list=discover
add interface=V951-coresw list=discover
add interface=360T90 list=discover
add interface=360T91 list=discover
add interface=360T92 list=discover
add interface=360T93 list=discover
add interface=360T94 list=discover
add interface=V600-coresw list=discover
add interface=V601-coresw list=discover
add interface=V602-coresw list=discover
add interface=V603-coresw list=discover
add interface=V604-coresw list=discover
# VPN server settings. The OpenVPN auth= value is empty in the post
# (presumably removed by the poster); check the real digest list on the device.
/interface ovpn-server server
set auth=
# NOTE(review): the PPTP server is configured to accept PAP, CHAP and
# MS-CHAPv1 in addition to MS-CHAPv2. PAP carries the password in clear text
# and the MS-CHAP variants are considered weak. Whether the server is enabled
# is not shown here, and the visible input rules do not open tcp/1723; if PPTP
# is unused, keep it disabled, otherwise trim this list.
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2
# Only the admin bridge address is shown; the blank lines below suggest the
# other addresses were removed from the post.
/ip address
add address=10.0.0.1/24 interface=admin network=10.0.0.0


# The router answers DNS queries itself (allow-remote-requests=yes). The
# visible input chain accepts udp/53 only from 10.0.0.0/8 and ends in a drop,
# so the resolver is not reachable from the uplink as long as those rules stay
# in place. The upstream servers= value is blank in the post.
/ip dns
set allow-remote-requests=yes cache-size=4096KiB servers=


/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
# SSH (tcp/22) is limited to the "admins" and "vpn" address lists and to the
# 10.0.0.0/24 admin subnet.
add action=accept chain=input dst-port=22 protocol=tcp src-address-list=\
admins
add action=accept chain=input dst-port=22 protocol=tcp src-address-list=vpn
add action=accept chain=input dst-port=22 protocol=tcp src-address=\
10.0.0.0/24
# IPsec ESP plus UDP 500/1701/4500 arriving on the uplink.
# NOTE(review): udp/1701 (L2TP) is accepted without an ipsec-policy matcher,
# so L2TP that is not wrapped in IPsec would be accepted too if an L2TP server
# is enabled; adding ipsec-policy=in,ipsec to the 1701 match closes that.
add action=accept chain=input in-interface=eth11-inet protocol=ipsec-esp
add action=accept chain=input dst-port=500,1701,4500 in-interface=eth11-inet \
protocol=udp
# NOTE(review): chain=nput is not the built-in input chain. As posted, this
# rule lives in a custom chain that no visible rule jumps to, so it never
# matches. If the live rule reads chain=input, it accepts tcp/8291 (the Winbox
# default port) from any source, uplink included; restrict it the same way as
# SSH above (src-address-list=admins / vpn).
add action=accept chain=nput dst-port=8291 protocol=tcp src-port=""
# Sources already on the "portscan" list are dropped from here on. The drops
# sit below the ICMP, SSH and IPsec accepts, so those stay reachable for
# listed sources.
add action=drop chain=input protocol=tcp src-address-list=portscan
add action=drop chain=input protocol=udp src-address-list=portscan
add action=accept chain=input comment=tftp dst-port=69 protocol=udp \
src-address=10.0.0.0/24
# DNS is accepted over UDP only, from any 10.0.0.0/8 source.
add action=accept chain=input comment="DNS from internal networks" dst-port=\
53 protocol=udp src-address=10.0.0.0/8
# tcp/1194 is accepted from any source on any interface.
add action=accept chain=input comment=VPN dst-port=1194 protocol=tcp
add action=accept chain=input comment=SNMP dst-port=161 protocol=udp \
src-address=10.0.0.200
# The next rule was blanked in the post (empty dst-address, dst-port and
# src-address); check the real values on the device.
add action=accept chain=input comment="SNMP from " \
dst-address= dst-port= protocol=udp src-address=\

add action=accept chain=input dst-port=2000-2010 protocol=udp \
src-address-list=bandwidthtest
# Port-scan detection: TCP sources that trip psd are put on "portscan" for two
# weeks. The psd fields are weight threshold, delay threshold, low-port weight
# and high-port weight.
# NOTE(review): there is no in-interface matcher, so internal hosts can be
# listed as well and are then dropped before the TFTP/DNS/SNMP accepts above.
add action=add-src-to-address-list address-list=portscan \
address-list-timeout=2w chain=input comment="Port scan" protocol=tcp psd=\
21,3s,5,2
add action=log chain=input log-prefix=portscan src-address-list=portscan
# Disabled; the src-address value is missing in the post.
add action=accept chain=input comment="Bandwidth test" disabled=yes dst-port=\
2000 protocol=tcp src-address
add action=log chain=input disabled=yes log-prefix="input drop"
# Default deny for everything not accepted above.
add action=drop chain=input
# "public" is entered from the forward chain only for dst-address=10.0.20.200
# (jump further down in this export).
# NOTE(review): the http/https dst-nat rules in this export forward to
# 10.0.20.202, so the "dropweb" list does not appear to cover the NATed web
# traffic; confirm which host it is meant to protect.
add action=drop chain=public src-address-list=dropweb
# --- forward chain ---
# Sources on the "portscan" list are only logged here, not dropped.
add action=log chain=forward log-prefix=fwd-portscan protocol=tcp \
src-address-list=portscan
add action=log chain=forward log-prefix=fwd-portscan protocol=udp \
src-address-list=portscan
add action=log chain=forward disabled=yes dst-port=22 log-prefix=sshfwd \
protocol=tcp
# Dispatch to per-segment chains by source/destination subnet.
# NOTE(review): no enabled rule in the visible forward chain drops unmatched
# traffic, so anything that matches no jump, or comes back from a sub-chain
# without a verdict, is accepted by default. In particular nothing here drops
# new connections arriving on eth11-inet that were not dst-nat'ed; a closing
# forward drop for that case (connection-nat-state=!dstnat on the uplink) is
# the usual safeguard.
add action=jump chain=forward jump-target=bacnet src-address=10.0.12.0/24
add action=jump chain=forward disabled=yes dst-address=10.0.12.0/24 \
jump-target=bacnet
add action=jump chain=forward jump-target=access src-address=10.0.13.0/24
add action=jump chain=forward dst-address=10.0.13.0/24 jump-target=access
add action=jump chain=forward dst-address=10.0.10.0/24 jump-target=cam
add action=jump chain=forward jump-target=cam src-address=10.0.10.0/24
# Both jumps into "tjoy" are disabled.
add action=jump chain=forward comment="tjoy: admin" disabled=yes dst-address=\
10.0.0.0/8 jump-target=tjoy src-address=10.95.0.0/16
add action=jump chain=forward comment="tjoy: local" disabled=yes dst-address=\
10.0.0.0/8 jump-target=tjoy src-address=172.30.0.0/16
add action=log chain=forward disabled=yes log-prefix=unmarked packet-mark=\
no-mark
# Traffic between two 10.0.0.0/8 addresses is evaluated by "localnet".
add action=jump chain=forward dst-address=10.0.0.0/8 jump-target=localnet \
src-address=10.0.0.0/8
# --- localnet chain: traffic between two 10.0.0.0/8 addresses ---
# Accepts are listed first; the chain ends in an unconditional drop.
add action=accept chain=localnet connection-state=established
add action=accept chain=localnet connection-state=related
# Sources on "admins" or "vpn", and the whole 10.0.0.0/24 admin subnet, may
# reach any 10.0.0.0/8 destination.
add action=accept chain=localnet src-address-list=admins
add action=accept chain=localnet src-address-list=vpn
add action=accept chain=localnet log-prefix=locfwdadmin src-address=\
10.0.0.0/24
# Disabled, with comment, address and port blanked in the post.
add action=accept chain=localnet comment= disabled=\
yes dst-address= dst-port= protocol=tcp
# Web, SMTP and NTP towards the hosts on 10.0.20.x.
add action=accept chain=localnet comment="public: web" dst-address=\
10.0.20.202 dst-port=80,443 protocol=tcp
add action=accept chain=localnet comment="archive: web and ssl" dst-address=\
10.0.20.201 dst-port=80,443 protocol=tcp
add action=accept chain=localnet comment="admin: portstatus for public" \
dst-address=10.0.0.200 dst-port=900 protocol=tcp src-address=10.0.20.202
add action=accept chain=localnet comment="public: smtp" dst-address=\
10.0.20.200 dst-port=25 protocol=tcp src-address=10.0.0.0/16
add action=accept chain=localnet comment="public: smtp (from tjoy)" \
dst-address=10.0.20.200 dst-port=25 protocol=tcp src-address=10.95.1.0/24
add action=accept chain=localnet comment="pubsvcs: smtp" dst-address=\
10.0.20.202 dst-port=25 protocol=tcp src-address=10.0.0.0/16
add action=accept chain=localnet comment="public: ntp" dst-address=\
10.0.20.200 dst-port=123 protocol=udp
add action=accept chain=localnet comment="pubsvcs: ntp" dst-address=\
10.0.20.202 dst-port=123 protocol=udp
# dst-address is blank in the post. As written the rule would allow tcp/80,443
# to every 10.0.0.0/8 destination; verify the real address on the device.
add action=accept chain=localnet comment="bacnet: localnet to enteliWEB" \
dst-address= dst-port=80,443 protocol=tcp
add action=accept chain=localnet comment="bacnet: public revprox to grafana" \
dst-address=10.0.12.201 dst-port=3000 protocol=tcp src-address=\
10.0.20.200
# All UDP is allowed in both directions between 10.0.13.0/24 and 10.0.11.200;
# there is no port restriction.
add action=accept chain=localnet comment="access: intercoms to voice" \
dst-address=10.0.11.200 protocol=udp src-address=10.0.13.0/24
add action=accept chain=localnet comment="access: voice to intercoms" \
dst-address=10.0.13.0/24 protocol=udp src-address=10.0.11.200
# NOTE(review): this matches on source port 443 and has no dst-port, so it
# reads like a reply-direction rule. Replies are already covered by the
# established accept at the top of the chain; check whether dst-port was meant.
add action=accept chain=localnet comment="access: ssl to public" dst-address=\
10.0.20.202 protocol=tcp src-address=10.0.13.200 src-port=443
add action=accept chain=localnet comment="voice: public to astmgr" \
dst-address=10.0.11.200 dst-port=8000 protocol=tcp src-address=\
10.0.20.200
# NOTE(review): the next two rules were blanked in the post. An accept with no
# matchers at this position would let everything past the drop below, so
# confirm on the device that both still carry their address/port matchers.
add action=accept chain=localnet comment="tjoy: public to tjoywifi" \
dst-address=
add action=accept chain=localnet comment=\

add action=log chain=localnet disabled=yes log-prefix=localdrop
# Default deny for internal-to-internal traffic.
add action=drop chain=localnet
# --- bacnet chain: entered from forward for src-address=10.0.12.0/24 ---
add action=accept chain=bacnet connection-state=established
add action=accept chain=bacnet connection-state=related
add action=accept chain=bacnet comment="bacnet: status" disabled=yes \
dst-address=10.0.12.200 dst-port=8000 protocol=tcp src-address=\
10.0.20.200
# NOTE(review): port= matches when either the source or the destination port
# is 25, so this also accepts TCP from 10.0.12.100 with source port 25 to any
# port on 10.0.20.200; dst-port=25 would be tighter.
add action=accept chain=bacnet comment="bacnet: smtp" dst-address=10.0.20.200 \
port=25 protocol=tcp src-address=10.0.12.100
add action=accept chain=bacnet comment="zabbix on admin to enteliweb" \
dst-address=10.0.12.200 dst-port=10050 protocol=tcp src-address=\
10.0.0.203
add action=accept chain=bacnet comment="enteliweb to zabbix" dst-address=\
10.0.0.203 dst-port=10051 protocol=tcp src-address=10.0.12.200
add action=accept chain=bacnet comment="pubsvc NTP" dst-address=10.0.20.202 \
dst-port=123 protocol=udp
# NOTE(review): the chain has no enabled drop or reject; only this disabled
# log rule closes it. Unmatched packets return to the forward chain, where
# 10.x destinations are handled by the localnet jump and everything else meets
# no drop in the visible rules.
add action=log chain=bacnet disabled=yes log-prefix="bacnet reject"
# --- forward chain, continued ---
add action=jump chain=forward dst-address=10.0.20.200 jump-target=public
# src-address is blank in the post. As written the rule has no protocol or
# port either and would drop everything sent to 10.0.11.200; verify the real
# matcher (the comment suggests a negated provider list) on the device.
add action=drop chain=forward comment="Drop sip from all except vitelity" \
dst-address=10.0.11.200 src-address=
add action=log chain=forward disabled=yes log-prefix="forward drop" \
src-address=10.0.12.0/24
# --- access chain: entered from forward for traffic to or from 10.0.13.0/24 ---
add action=accept chain=access connection-state=established
add action=accept chain=access connection-state=related
add action=accept chain=access dst-address=10.0.13.200 dst-port=80 protocol=\
tcp src-address=10.0.20.200
add action=accept chain=access dst-address=10.0.13.200 dst-port=443 protocol=\
tcp src-address=10.0.20.200
# Any TCP port is allowed for sources on the "vpn" list.
add action=accept chain=access protocol=tcp src-address-list=vpn
# The next four rules were cut off in the post (comment and matchers missing);
# check on the device that each one still has address/port matchers.
add action=accept chain=access comment="
add action=accept chain=access comment="
add action=accept chain=access comment="
add action=accept chain=access comment="
add action=accept chain=access comment=NTP dst-address=10.0.20.202 dst-port=\
123 log=yes protocol=udp
# NOTE(review): both closing rules are disabled, so this chain never denies
# anything itself. Unmatched packets return to the forward chain, which has
# no closing drop in the visible rules.
add action=log chain=access disabled=yes log-prefix="access drop"
add action=reject chain=access disabled=yes reject-with=\
icmp-network-unreachable
# --- tjoy chain ---
# Both forward jumps that target this chain are disabled in this export, so
# these rules are not reached from the visible filter rules.
add action=accept chain=tjoy connection-state=established
add action=accept chain=tjoy connection-state=related
add action=accept chain=tjoy src-address-list=vpn
add action=accept chain=tjoy comment="tjoy admin server" dst-address=\
10.95.1.254 src-address=10.95.1.0/24
add action=accept chain=tjoy comment="tjoy admin server from team" \
dst-address=10.95.1.254 src-address=172.30.1.0/24
# Order matters: the two drops keep this traffic out of 10.0.0.0/8 and
# 172.16.0.0/12 before the final accept lets everything else through.
add action=drop chain=tjoy dst-address=10.0.0.0/8
add action=drop chain=tjoy dst-address=172.16.0.0/12
add action=accept chain=tjoy
# --- cam chain: entered from forward for traffic to or from 10.0.10.0/24 ---
# This is the one per-segment chain here that ends in an enabled deny.
add action=accept chain=cam connection-state=established
add action=accept chain=cam connection-state=related
add action=accept chain=cam src-address-list=vpn
add action=accept chain=cam src-address-list=admins
# NOTE(review): tcp/80,443 leaving via eth11-inet is allowed with no
# destination restriction, i.e. hosts on the camera segment can open web
# connections to any outside address. If the cameras only need specific
# update or cloud endpoints, limit this with a dst-address-list.
add action=accept chain=cam dst-port=80,443 out-interface=eth11-inet \
protocol=tcp
# Monitoring ports between this segment and 10.0.0.203.
add action=accept chain=cam dst-address=10.0.0.203 dst-port=10051 protocol=\
tcp
add action=accept chain=cam dst-port=10050 protocol=tcp src-address=\
10.0.0.203
# The five rules after the pubsvcs rule were cut off in the post (comment and
# matchers missing); check on the device that each still carries matchers.
add action=accept chain=cam comment="pubsvcs to vms-client for mobile web" \
dst-address=10.0.10.201 dst-port=80,8081,8082 protocol=tcp src-address=\
10.0.20.202
add action=accept chain=cam comment="
add action=accept chain=cam comment="
add action=accept chain=cam comment="
add action=accept chain=cam comment="
add action=accept chain=cam comment="
add action=log chain=cam log-prefix=cam-drop
add action=reject chain=cam
# The mangle table is empty in the post.
/ip firewall mangle

# NAT rules. x.x.x.x stands for public addresses the poster masked.
/ip firewall nat
# Inbound voice forwards to 10.0.11.200, each limited to sources on the
# "vitelity" address list.
add action=dst-nat chain=dstnat comment="voice: sip udp" dst-address=\
x.x.x.x dst-port=5060-5061 protocol=udp src-address-list=vitelity \
to-addresses=10.0.11.200 to-ports=5060-5061
add action=dst-nat chain=dstnat comment="voice: sip tcp" dst-address=\
x.x.x.x dst-port=5060-5061 protocol=tcp src-address-list=vitelity \
to-addresses=10.0.11.200 to-ports=5060-5061
# Labelled "rdp", but this is a UDP range forwarded to the same voice host
# (presumably RTP media; confirm).
add action=dst-nat chain=dstnat comment="voice: rdp" dst-address= x.x.x.x \
dst-port=16000-16999 protocol=udp src-address-list=vitelity to-addresses=\
10.0.11.200 to-ports=16000-16999
# NOTE(review): no dst-port matcher is shown here, so as written every other
# UDP packet from the "vitelity" list to that address is translated; confirm
# the port match was not lost when the post was edited.
add action=dst-nat chain=dstnat comment="voice: udptl" dst-address=\
x.x.x.x protocol=udp src-address-list=vitelity to-addresses=\
10.0.11.200 to-ports=4000-4999
add action=src-nat chain=srcnat comment=voice dst-address=!10.0.0.0/8 \
src-address=10.0.11.200 to-addresses= x.x.x.x
# Public web: tcp/80 and tcp/443 from any source are forwarded to 10.0.20.202.
add action=dst-nat chain=dstnat comment="public: http" dst-address=\
x.x.x.x dst-port=80 protocol=tcp to-addresses=10.0.20.202 to-ports=\
80
add action=dst-nat chain=dstnat comment="public: https" dst-address=\
x.x.x.x dst-port=443 protocol=tcp to-addresses=10.0.20.202 to-ports=\
443
add action=src-nat chain=srcnat comment=intercoms dst-address=!10.0.0.0/8 \
src-address-list=intercoms to-addresses= x.x.x.x
add action=src-nat chain=srcnat comment="admin for zabbix" dst-address=\
!10.0.0.0/8 src-address=10.0.0.203 to-addresses= x.x.x.x
# Internal-to-internal traffic is exempted from source NAT before the
# catch-all src-nat for 10.0.0.0/8 that follows.
add action=accept chain=srcnat comment=localnet dst-address=10.0.0.0/8 \
src-address=10.0.0.0/8
add action=src-nat chain=srcnat comment=units src-address=10.0.0.0/8 \
to-addresses= x.x.x.x
# Disabled. If enabled as written (no protocol or port), it would forward all
# traffic for that address to 10.20.52.5.
add action=dst-nat chain=dstnat comment=C502 disabled=yes dst-address=\
x.x.x.x to-addresses=10.20.52.5
add action=src-nat chain=srcnat comment=tjoy src-address=172.30.0.0/16 \
to-addresses= x.x.x.x
add action=src-nat chain=srcnat comment="tjoy admin" disabled=yes protocol=\
tcp src-address=10.95.1.0/24 to-addresses= x.x.x.x
add action=dst-nat chain=tjoydstnat comment=tjoygw dst-port=1194 protocol=tcp \
to-addresses=10.95.1.5 to-ports=1194
# Disabled RDP forward (outside port 3388 to 3389 on 10.0.13.200). Keep it
# disabled unless it is limited to known source addresses or reached over VPN.
add action=dst-nat chain=dstnat comment="access: RDP to biostar" disabled=yes \
dst-address= x.x.x.x dst-port=3388 protocol=tcp to-addresses=\
10.0.13.200 to-ports=3389
# All TCP to the masked address is handed to the custom chain "tjoydstnat".
add action=jump chain=dstnat comment="tjoy inbound" dst-address= x.x.x.x \
jump-target=tjoydstnat protocol=tcp
# NOTE(review): tcp/80 and tcp/50100 are forwarded to 172.30.1.3 with no
# source restriction, and the visible forward chain has no enabled rule that
# filters this traffic afterwards. The comment says CCTV; if that is a
# recorder or camera web interface, limit it with a src-address-list or put
# it behind the VPN.
add action=dst-nat chain=tjoydstnat comment="tjoy cctv" dst-port=80 protocol=\
tcp to-addresses=172.30.1.3 to-ports=80
add action=dst-nat chain=tjoydstnat comment="tjoy cctv" dst-port=50100 \
protocol=tcp to-addresses=172.30.1.3 to-ports=50100
# The SIP connection-tracking helper is disabled.
/ip firewall service-port
set sip disabled=yes sip-direct-media=no
# The default gateway and one destination prefix are masked or blank in the post.
/ip route
add distance=1 gateway= x.x.x.x
add distance=1 dst-address= gateway=10.20.52.5
add distance=1 dst-address=172.30.0.0/16 gateway=10.95.1.5
# NOTE(review): the /ip service entries were removed from the post, so it
# cannot be told from here which management services are enabled or which
# source addresses they accept. Review them on the device together with the
# input-chain rules.
/ip service

# Flow records for eth11-inet are exported to 10.0.0.204.
/ip traffic-flow
set cache-entries=512k interfaces=eth11-inet
/ip traffic-flow target
add dst-address=10.0.0.204 src-address=10.0.0.1
/lcd
set color-scheme=dark default-screen=stat-slideshow
# PPP user entries were removed from the post.
/ppp secret


/system clock
set time-zone-name=America/Los_Angeles
# The identity value is blank in the post.
/system identity
set name=
/system leds
set 0 interface=sfp1-C210A leds=sfp1-led type=interface-activity
set 1 leds=sfp2-led
set 2 leds=sfp3-led
set 3 leds=sfp4-led
/system logging
add prefix=ovpn topics=ovpn
/system ntp client
set enabled=yes server-dns-names=time.nist.gov



[knsadmin@hsgw2018] >
 
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Inherited a Mikrotik system need some help

Wed Jan 11, 2023 5:25 pm

I don't use VLAN 1 and don't recommend it, but that's your call, so I can't assist with that part.
One piece of advice:
edit your previous post so the config is inside code brackets. See the toolbar above, on the same line as B (bold): it is the black square with white square brackets.
