#              model: RB4011iGS+
#      serial-number: HD908C4MQ0P
#      firmware-type: al2
#   current-firmware: 7.11
#   installed-version: 7.12.1
# Flags: U - UNDOABLE
# Columns: ACTION, BY, POLICY, TIME
#   ACTION              BY         POLICY  TIME               
# U ip service changed  bruna.noc  write   2024-09-15 08:46:42
# 
# 2024-10-03 21:15:41 by RouterOS 7.12.1
# software id = C8FE-PN4P
#
# model = RB4011iGS+
# serial number = HD908C4MQ0P
/interface bridge
add name=loopback
/interface ethernet
set [ find default-name=ether1 ] comment=LINK
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no comment=TRUNK-SW speed=1G-baseX
/interface vlan
add interface=sfp-sfpplus1 name=VLAN-96-GR-SW vlan-id=96
add interface=ether1 name=VLAN-227-HOPE-ALB vlan-id=227
add interface=sfp-sfpplus1 name=VLAN-240-ADM vlan-id=240
add interface=sfp-sfpplus1 name=VLAN-500-REDE-WIFI vlan-id=500
/interface list
add name=N-CONFIAVEIS
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.80.2-192.168.80.254
add name=dhcp_pool2 ranges=192.168.76.2-192.168.77.254
/ip dhcp-server
add address-pool=dhcp_pool2 interface=VLAN-500-REDE-WIFI name=dhcp1
/ipv6 pool
add name=POOL_IPv6 prefix=2804:2994:c004::/48 prefix-length=64
/port
set 0 name=serial0
set 1 name=serial1
/routing ospf instance
add disabled=no in-filter-chain=ospf_in name=default-v2 out-filter-chain=ospf-out redistribute=connected router-id=10.0.8.46
add disabled=no name=default-v3 router-id=10.0.8.46 version=3
/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2
add disabled=no instance=default-v3 name=backbone-v3
/snmp community
set [ find default=yes ] addresses=143.0.252.0/22 name=SnmP_Se77E
/ip firewall connection tracking
set tcp-established-timeout=1h
/ip neighbor discovery-settings
set discover-interface-list=!N-CONFIAVEIS
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=VLAN-240-ADM list=N-CONFIAVEIS
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=10.0.8.46/30 comment=VLAN-227-HOPE-ALB interface=VLAN-227-HOPE-ALB network=10.0.8.44
add address=192.168.76.1/23 comment="REDE- WIFI" interface=VLAN-500-REDE-WIFI network=192.168.76.0
add address=143.0.252.95 interface=loopback network=143.0.252.95
add address=10.10.3.1/30 comment=GR-SW interface=VLAN-96-GR-SW network=10.10.3.0
add address=10.10.20.1 comment=VLAN-240-ADMIN interface=VLAN-240-ADM network=143.0.252.203
/ip dhcp-server lease
add address=192.168.77.245 client-id=1:f4:e2:c6:19:74:46 comment=UNIFI-BICICLETA mac-address=F4:E2:C6:19:74:46 server=dhcp1
add address=192.168.77.244 client-id=1:d0:21:f9:29:cc:b9 comment=UNIFI-MUSCULACAO mac-address=D0:21:F9:29:CC:B9 server=dhcp1
add address=192.168.77.243 client-id=1:d0:21:f9:29:cc:b2 comment=UNIFI-MUSCULACAO-2 mac-address=D0:21:F9:29:CC:B2 server=dhcp1
add address=192.168.77.241 client-id=1:f4:e2:c6:19:74:71 comment="UNIFI- ESTEIRAS" mac-address=F4:E2:C6:19:74:71 server=dhcp1
add address=192.168.77.240 client-id=1:f4:e2:c6:19:74:e6 comment="UNIFI-DAN\C7A" mac-address=F4:E2:C6:19:74:E6 server=dhcp1
add address=192.168.77.239 client-id=1:d0:21:f9:29:ce:53 comment=UNIFI-MUSCULACAO-3 mac-address=D0:21:F9:29:CE:53 server=dhcp1
add address=192.168.77.238 client-id=1:f4:e2:c6:19:74:24 comment=UNIFI-ADM mac-address=F4:E2:C6:19:74:24 server=dhcp1
add address=192.168.77.237 client-id=1:f4:e2:c6:19:75:22 comment=UNIFI-HOPE-VEST-FEMI mac-address=F4:E2:C6:19:75:22 server=dhcp1
add address=192.168.77.236 client-id=1:f4:e2:c6:19:6f:2 comment=UNIFI-VEST-MASC mac-address=F4:E2:C6:19:6F:02 server=dhcp1
/ip dhcp-server network
add address=192.168.76.0/23 gateway=192.168.76.1
/ip dns
set servers=143.0.252.10,143.0.252.20,143.0.252.30
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
/ip firewall nat
add action=same chain=srcnat same-not-by-dst=no src-address=192.168.76.0/23 to-addresses=143.0.252.95
add action=same chain=srcnat protocol=!ospf same-not-by-dst=no src-address=10.0.8.46 to-addresses=143.0.252.95
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=205.164.78.0/23,143.0.252.0/22,143.0.252.58/32 port=2277
set api disabled=yes
set winbox address=143.0.252.0/22,205.164.78.0/23
set api-ssl disabled=yes
/ipv6 address
add address=2804:2994:c004:ffff:ffff:ffff:ffff:ffff/48 advertise=no interface=loopback
add address=::a comment=HOPE-ADMIN from-pool=POOL_IPv6 interface=VLAN-240-ADM
add address=::b comment=REDE-WiFi from-pool=POOL_IPv6 interface=VLAN-500-REDE-WIFI
add address=fc00:0:80::12/125 advertise=no interface=VLAN-227-HOPE-ALB
/ipv6 nd
set [ find default=yes ] other-configuration=yes
/routing bfd configuration
add disabled=no interfaces=all min-rx=200us min-tx=200us multiplier=5
/routing filter rule
add chain=ospf-out disabled=no rule="if (dst in 10.0.8.44/30) {accept}\r\nif (dst in 143.0.252.0/22) {accept}\r\nif (dst in 10.10.3.0/30) {accept}"
add chain=ospf_in disabled=no rule="if (dst==0.0.0.0/0) { accept }"
/routing ospf interface-template
add area=backbone-v2 comment=VLAN-227-HOPE-ALB disabled=no interfaces=VLAN-227-HOPE-ALB networks=10.0.8.44/30 type=ptp
add area=backbone-v3 comment=loopback disabled=no interfaces=loopback passive
add area=backbone-v3 disabled=no interfaces=VLAN-227-HOPE-ALB networks=fc00:0:80::10/125 type=ptp
/snmp
set contact=SE77E enabled=yes location=CT trap-version=2
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=SE77E-HOPE-ALB
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=10.7.7.103
/system resource irq rps
set sfp-sfpplus1 disabled=no
/system watchdog
set automatic-supout=no watchdog-timer=no