# model: RB4011iGS+ # serial-number: D4440CB5C344 # firmware-type: al2 # current-firmware: 6.48 # installed-version: 6.48 # Flags: U - undoable, R - redoable, F - floating-undo # ACTION BY POLICY # U user marcos.noc added bruna.noc write # policy # U user marcos.noc removed bruna.noc write # policy # U ip service changed bruna.noc write # U ip service changed bruna.noc write # U ip service changed bruna.noc write # U ip service changed bruna.noc write # U user oxidized added bruna.noc write # policy # U user luan.noc added bruna.noc write # policy # U user scripts.noc removed bruna.noc write # policy # U user oxidized removed bruna.noc write # policy # U config changed jeffrey.noc write # U hotspot server Hotspot changed jeffrey.noc write # U filter rule changed jeffrey.noc write # U filter rule changed jeffrey.noc write # U filter rule removed jeffrey.noc write # U filter rule removed jeffrey.noc write # U nat rule removed jeffrey.noc write # U nat rule removed jeffrey.noc write # U hotspot server Hotspot changed jeffrey.noc write # U filter rule changed jeffrey.noc write # U filter rule moved jeffrey.noc write # U filter rule added jeffrey.noc write # U filter rule moved jeffrey.noc write # U filter rule added jeffrey.noc write # U nat rule added jeffrey.noc write # U nat rule moved jeffrey.noc write # U nat rule added jeffrey.noc write # U user oxidized added bruna.noc write # policy # U user oxidized removed bruna.noc write # policy # U user jose.noc removed bruna.noc write # policy # U user luiz.noc removed bruna.noc write # policy # U ip service changed bruna.noc write # U user oxidized added bruna.noc write # policy # U user marcos.noc added bruna.noc write # policy # # software id = 31QU-WETR # # model = RB4011iGS+ # serial number = D4440CB5C344 /interface bridge add name=loopback /interface ethernet set [ find default-name=ether2 ] comment=ESC-ABA set [ find default-name=sfp-sfpplus1 ] comment=LINK /interface vlan add interface=ether2 name=VLAN-210-ESC-ABA vlan-id=210 add interface=sfp-sfpplus1 name=VLAN-212-PRC vlan-id=212 add interface=sfp-sfpplus1 name=VLAN-500-PRC-WiFi vlan-id=500 /interface ethernet switch port set 0 default-vlan-id=0 set 1 default-vlan-id=0 set 2 default-vlan-id=0 set 3 default-vlan-id=0 set 4 default-vlan-id=0 set 5 default-vlan-id=0 set 6 default-vlan-id=0 set 7 default-vlan-id=0 set 8 default-vlan-id=0 set 9 default-vlan-id=0 set 10 default-vlan-id=0 set 11 default-vlan-id=0 /ip hotspot profile add hotspot-address=10.7.0.1 html-directory=connectspot login-by=http-pap name=ProfileHotspot nas-port-type=ethernet radius-interim-update=15m use-radius=yes /ip hotspot user profile set [ find default=yes ] add-mac-cookie=no idle-timeout=30m keepalive-timeout=30m /ip pool add name=dhcp_pool0 ranges=10.7.0.2-10.7.3.254 /ip dhcp-server add address-pool=dhcp_pool0 authoritative=after-2sec-delay disabled=no interface=VLAN-500-PRC-WiFi lease-time=1h name=dhcp1 /ip hotspot add address-pool=dhcp_pool0 addresses-per-mac=1 disabled=no idle-timeout=30m interface=VLAN-500-PRC-WiFi keepalive-timeout=30m name=Hotspot profile=ProfileHotspot /lora servers add address=eu.mikrotik.thethings.industries down-port=1700 name=TTN-EU up-port=1700 add address=us.mikrotik.thethings.industries down-port=1700 name=TTN-US up-port=1700 /routing bgp instance set default router-id=10.0.8.126 /routing ospf instance set [ find default=yes ] router-id=10.0.8.126 /snmp community set [ find default=yes ] addresses=143.0.252.0/22 name=SnmP_Se77E /ip firewall connection tracking set tcp-established-timeout=1h /ip address add address=10.0.8.126/30 comment=VLAN-212-PRC interface=VLAN-212-PRC network=10.0.8.124 add address=143.0.255.103 comment=Loopback interface=loopback network=143.0.255.103 add address=10.7.0.1/22 comment=WiFi interface=VLAN-500-PRC-WiFi network=10.7.0.0 add address=10.0.8.121/30 comment=VLAN-210-ESC-ABA interface=VLAN-210-ESC-ABA network=10.0.8.120 /ip dhcp-server lease add address=10.7.3.247 client-id=1:e0:63:da:64:c4:19 comment=pracarodoviaria mac-address=E0:63:DA:64:C4:19 server=dhcp1 add address=10.7.3.246 client-id=1:e0:63:da:67:29:52 comment=pracadocoreto mac-address=E0:63:DA:67:29:52 server=dhcp1 add address=10.7.3.245 client-id=1:e0:63:da:67:24:44 comment=pracajardimsantafe mac-address=E0:63:DA:67:24:44 server=dhcp1 add address=10.7.3.244 client-id=1:e0:63:da:67:27:6d comment=pracajoaquinapereira mac-address=E0:63:DA:67:27:6D server=dhcp1 add address=10.7.3.243 client-id=1:e0:63:da:67:23:dc comment=pracasaojudastadeu mac-address=E0:63:DA:67:23:DC server=dhcp1 /ip dhcp-server network add address=10.7.0.0/22 gateway=10.7.0.1 /ip dns set servers=143.0.252.10,143.0.252.20 /ip firewall filter add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes /ip firewall nat add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes add action=same chain=srcnat same-not-by-dst=no src-address=10.7.0.0/22 to-addresses=143.0.255.103 add action=same chain=srcnat protocol=!ospf same-not-by-dst=no src-address=10.0.8.126 to-addresses=143.0.255.103 /ip hotspot ip-binding add address=0.0.0.0/0 add address=10.7.3.243 comment=pracasaojudastadeu mac-address=E0:63:DA:67:23:DC server=Hotspot to-address=10.7.3.243 type=bypassed add address=10.7.3.244 comment=pracajoaquinapereira mac-address=E0:63:DA:67:27:6D server=Hotspot to-address=10.7.3.244 type=bypassed add address=10.7.3.245 comment=pracajardimsantafe mac-address=E0:63:DA:67:24:44 server=Hotspot to-address=10.7.3.245 type=bypassed add address=10.7.3.246 comment=pracadocoreto mac-address=E0:63:DA:67:29:52 server=Hotspot to-address=10.7.3.246 type=bypassed add address=10.7.3.247 comment=pracarodoviaria mac-address=E0:63:DA:64:C4:19 server=Hotspot to-address=10.7.3.247 type=bypassed /ip hotspot walled-garden add dst-host=*connectspot* add dst-host=*cloudfront* add dst-host=*akamai* add dst-host=*facebook.net* add dst-host=*facebook.com* add dst-host=*fbcdn.net* add dst-host=google-analytics* add dst-host=*doubleclick.net* add dst-host=*.accounts.google.com add dst-host=www.google.com.br add dst-host=www.google.com add dst-host=*.apis.google.com add dst-host=*.googleapis.com add dst-host=*.googleusercontent.com add dst-host=*.accounts.youtube.com /ip route add distance=201 gateway=10.0.8.125 /ip service set telnet disabled=yes set ftp disabled=yes port=2121 set www disabled=yes set ssh address=205.164.78.0/23,143.0.252.0/22,143.0.252.58/32 port=2277 set api disabled=yes set winbox address=143.0.252.0/22,205.164.78.0/23 set api-ssl disabled=yes /radius add address=52.67.125.75 secret=#edc2016#RFV service=hotspot src-address=143.0.255.103 timeout=10s add address=10.7.7.106 secret=77acesso service=login src-address=143.0.255.103 /radius incoming set accept=yes port=3779 /routing bgp network add disabled=yes network=143.0.255.103/32 synchronize=no /routing bgp peer add name=peer1 remote-address=10.0.8.125 remote-as=65530 ttl=default /routing ospf interface add network-type=broadcast passive=yes add interface=VLAN-212-PRC network-type=point-to-point add interface=VLAN-210-ESC-ABA network-type=point-to-point /routing ospf network add area=backbone comment=VLAN-212-PRC network=10.0.8.124/30 add area=backbone comment=Loopback network=143.0.255.103/32 add area=backbone comment=VLAN-210-ESC-ABA network=10.0.8.120/30 /snmp set enabled=yes /system clock set time-zone-name=America/Sao_Paulo /system identity set name=1604577735 /system ntp client set enabled=yes primary-ntp=143.0.252.51 secondary-ntp=143.0.252.51 /system scheduler add interval=30m name=ResolveServidorRadius on-event=ResolveServidorRadius policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=may/27/2016 start-time=14:36:50 /system script add dont-require-permissions=no name=ResolveServidorRadius owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":local resolvedIP [:resolve \"radius.connectspot.com.br\"]; :local radiusID [/radius find secret=\"#edc2016#RFV\"]; :local currentIP [/radius get \$radiusID address]; :if (\$resolvedIP != \$currentIP) do={/radius set \$radiusID address=\$resolvedIP; /log info \"IP do servidor Radius atualizado!\";}" /tool romon set enabled=yes secrets=@a7net@# /user aaa set use-radius=yes