# RouterOS configuration export for the router identified in the header below. The header
# also carries what appears to be a change-history listing (service and user changes made
# by bruna.noc).
# NOTE(review): this export holds credentials in clear text (PPP secret, RADIUS shared
# secrets, SMTP password, RoMON secret, SNMP community name). Anyone who can read the file
# can read them; rotate them and keep stored copies with sensitive values hidden.
# model: RB760iGS
# serial-number: A8150AE91B51
# firmware-type: mt7621L
# current-firmware: 6.46.8
# installed-version: 7.5
# NOTE(review): current-firmware (6.46.8) is older than installed-version (7.5); presumably
# the boot firmware was not upgraded along with RouterOS — confirm.
# Flags: U, F - FLOATING-UNDO
# Columns: ACTION, BY, POLICY
# ACTION BY POLICY
# U ip service changed bruna.noc write
# U ip service changed bruna.noc write
# U ip service changed bruna.noc write
# U ip service changed bruna.noc write
# U user oxidized added bruna.noc write
# policy
# U user luan.noc added bruna.noc write
# policy
# U user marcos.noc added bruna.noc write
# policy
# U user jose.noc removed bruna.noc write
# policy
# U user oxidized removed bruna.noc write
# policy
# U user marcos.noc removed bruna.noc write
# policy
# U user scripts.noc removed bruna.noc write
# policy
#
# software id = M6PE-4IUM
#
# model = RB760iGS
# serial number = A8150AE91B51
/interface bridge
add name=REDE-INTERNA
add name=VLAN-70
add name=loopback
/interface ethernet
set [ find default-name=ether1 ] comment=LINK speed=100Mbps
set [ find default-name=ether2 ] comment=SE77E-RB-2 mac-address=6C:3B:6B:A2:06:6E speed=100Mbps
set [ find default-name=ether3 ] mac-address=6C:3B:6B:A2:06:6F speed=100Mbps
set [ find default-name=ether4 ] comment=UNIFI-LANCHONETE mac-address=6C:3B:6B:A2:06:70 speed=100Mbps
set [ find default-name=ether5 ] comment=HOPE-ADMIN-1G mac-address=6C:3B:6B:A2:06:71 speed=100Mbps
/interface vlan
add interface=ether1 name=VLAN-70-PPPoE vlan-id=70
add interface=ether1 name=VLAN-200-HOPE vlan-id=200
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=SE77E-MendesAlimentos
/ip hotspot profile
set [ find default=yes ] login-by=http-chap
# NOTE(review): both custom profiles use login-by=http-pap, which submits the Hotspot
# username and password in plain text over HTTP. No https login method or ssl-certificate
# is set on these profiles.
add hotspot-address=192.168.1.1 html-directory=flash/connectspot login-by=http-pap name=ProfileHotspot1 nas-port-type=ethernet radius-interim-update=15m use-radius=yes
add hotspot-address=192.168.2.1 html-directory=flash/connectspot login-by=http-pap name=ProfileHotspot2 nas-port-type=ethernet radius-interim-update=15m use-radius=yes
/ip hotspot user profile
# The default user profile places no limit on simultaneous sessions per account
# (shared-users=unlimited).
set [ find default=yes ] add-mac-cookie=no idle-timeout=30m keepalive-timeout=30m shared-users=unlimited
/ip pool
add name=dhcp_pool1 ranges=192.168.5.2-192.168.5.254
add name=REDE-INTERNA ranges=192.168.7.2-192.168.7.254
add name=PPPoE ranges=172.16.77.0/24
add comment="Aviso Atraso IXCSoft" name=pool_aviso_atraso ranges=172.20.60.0/24
add comment="Bloqueio IXCSoft" name=pool_bloqueio ranges=172.21.60.0/24
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay interface=ether5 lease-time=1d name=dhcp1
add address-pool=REDE-INTERNA interface=REDE-INTERNA lease-time=30m name=dhcp4
/ip hotspot
add address-pool=REDE-INTERNA addresses-per-mac=unlimited idle-timeout=30m interface=REDE-INTERNA keepalive-timeout=30m name=Hotspot1 profile=ProfileHotspot1
/ipv6 pool
add name=POOL-IPv6 prefix=2804:2994:1001::/48 prefix-length=64
# NOTE(review): 2001:db8::/32 is the IPv6 documentation range; presumably a placeholder
# left by the IXC template — confirm it is never routed.
add name=pool_aviso_bloqueio_ipv6 prefix=2001:db8:3003::/56 prefix-length=64
/port
set 0 name=serial0
/ppp profile
set *0 local-address=10.0.8.6 remote-address=PPPoE
/queue type
set 0 kind=sfq
set 9 kind=sfq
/routing bgp template
set default disabled=no output.network=bgp-networks router-id=10.0.8.6
/routing ospf instance
add disabled=no name=default-v2 out-filter-chain=ospf-out redistribute=connected router-id=10.0.8.6
add disabled=no name=default-v3 router-id=10.0.8.6 version=3
/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2
add disabled=no instance=default-v3 name=backbone-v3
/snmp community
# NOTE(review): the default community is renamed and limited to 143.0.252.0/22. No
# security or authentication setting is exported for it, so this is presumably a plain
# v1/v2c community whose name travels unencrypted — confirm.
set [ find default=yes ] addresses=143.0.252.0/22 name=SnmP_Se77E
/user group
# The "full" group carries every listed policy, including sensitive, sniff, romon and
# rest-api.
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,rest-api"
/interface bridge port
add bridge=REDE-INTERNA ingress-filtering=no interface=ether2
add bridge=VLAN-70 interface=VLAN-70-PPPoE
add bridge=REDE-INTERNA interface=ether4
/interface bridge settings
# Bridged (including VLAN-tagged) traffic is passed through the IP firewall.
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip firewall connection tracking
set tcp-established-timeout=1h
/ip neighbor discovery-settings
# NOTE(review): "!dynamic" enables neighbor discovery on every non-dynamic interface,
# which here includes the bridged LAN ports (ether2, ether4) and the uplink. Presumably
# only management links need it — confirm and narrow the interface list.
set discover-interface-list=!dynamic
/ipv6 settings
set max-neighbor-entries=8192
/interface ovpn-server server
# NOTE(review): md5 is accepted as a digest alongside sha1. Whether the OVPN server is
# enabled is not shown in this export; if it is, drop md5.
set auth=sha1,md5
/interface pppoe-server server
# NOTE(review): authentication=pap,chap permits PAP, which carries the subscriber
# password in clear text on the access segment. ether4 is also a REDE-INTERNA bridge port
# and the Hotspot2 interface in this export — confirm this server entry is still used.
add authentication=pap,chap interface=ether4 keepalive-timeout=45 max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes
/ip address
add address=10.0.8.6/30 comment=VLAN-200-HOPE interface=VLAN-200-HOPE network=10.0.8.4
add address=192.168.5.1/24 comment=HOPE-ADMIN-1G interface=ether5 network=192.168.5.0
add address=192.168.7.1/24 comment=REDE-INTERNA interface=REDE-INTERNA network=192.168.7.0
add address=143.0.255.98 comment=HOPE-ADMIN-1G interface=loopback network=143.0.255.98
add address=143.0.255.99 comment=HOPE interface=loopback network=143.0.255.99
/ip dhcp-server lease
# NOTE(review): server=*6 is an internal ID, not one of the server names defined above
# (dhcp1, dhcp4); this usually means the referenced server no longer exists — confirm
# these static leases are still in effect.
add address=192.168.7.109 client-id=1:7c:fd:6b:2d:be:34 mac-address=7C:FD:6B:2D:BE:34 server=*6
add address=192.168.7.74 client-id=1:ea:40:42:92:28:5a mac-address=EA:40:42:92:28:5A server=*6
add address=192.168.7.7 client-id=1:18:87:40:60:2b:2a mac-address=18:87:40:60:2B:2A server=*6
add address=192.168.7.79 client-id=1:8c:e5:c0:dc:fd:98 mac-address=8C:E5:C0:DC:FD:98 server=*6
add address=192.168.7.114 client-id=1:7c:fd:6b:85:65:10 mac-address=7C:FD:6B:85:65:10 server=*6
add address=192.168.7.88 client-id=1:e8:5a:8b:b7:47:1c mac-address=E8:5A:8B:B7:47:1C server=*6
add address=192.168.7.189 client-id=1:a2:4d:ac:65:10:6c mac-address=A2:4D:AC:65:10:6C server=*6
add address=192.168.7.190 client-id=1:7c:fd:6b:2e:6b:4d mac-address=7C:FD:6B:2E:6B:4D server=*6
add address=192.168.7.140 client-id=1:7c:fd:6b:2d:1:b4 mac-address=7C:FD:6B:2D:01:B4 server=*6
add address=192.168.7.202 client-id=1:18:87:40:60:67:58 mac-address=18:87:40:60:67:58 server=*6
add address=192.168.7.242 client-id=1:8c:e5:c0:db:f7:8c mac-address=8C:E5:C0:DB:F7:8C server=*6
add address=192.168.7.216 client-id=1:8c:e5:c0:d6:1e:22 mac-address=8C:E5:C0:D6:1E:22 server=*6
add address=192.168.7.220 client-id=1:8c:e5:c0:dc:fd:bc mac-address=8C:E5:C0:DC:FD:BC server=*6
add address=192.168.7.254 client-id=1:8c:e5:c0:d6:1e:20 mac-address=8C:E5:C0:D6:1E:20 server=*6
/ip dhcp-server network
add address=192.168.5.0/24 gateway=192.168.5.1
add address=192.168.7.0/24 gateway=192.168.7.1
/ip dns
set servers="143.0.252.10,143.0.252.20,143.0.252.30,2804:2994:77::10,2804:2994:77::20,2804:2994:77::30"
/ip firewall address-list
add address=143.0.252.13 comment="IXCProvedor endereco IP do sistema" list=rede_local
/ip firewall filter
# These eight rules confine the late-payment and blocked-subscriber pools/lists: TCP is
# dropped unless it goes to 143.0.252.13, UDP is dropped unless the port is 53.
# NOTE(review): this export has no chain=input rules. Access to the router itself (SNMP,
# RoMON, RADIUS incoming, NTP, management services) therefore relies on the per-service
# address restrictions alone; services without one are reachable from any interface.
add action=drop chain=forward comment="IXCProvedor regra de aviso atraso" dst-address=!143.0.252.13 protocol=tcp src-address=172.20.60.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso atraso" dst-address=!143.0.252.13 protocol=tcp src-address-list=aviso_atraso
add action=drop chain=forward comment="IXCProvedor regra de aviso atraso" dst-port=!53 protocol=udp src-address=172.20.60.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso atraso" dst-port=!53 protocol=udp src-address-list=aviso_atraso
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!143.0.252.13 protocol=tcp src-address=172.21.60.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-address=!143.0.252.13 protocol=tcp src-address-list=aviso_bloqueio
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address=172.21.60.0/24
add action=drop chain=forward comment="IXCProvedor regra de aviso bloqueio" dst-port=!53 protocol=udp src-address-list=aviso_bloqueio
/ip firewall nat
add action=same chain=srcnat comment=REDE-INTERNA same-not-by-dst=no src-address=192.168.7.0/24 to-addresses=143.0.255.99
add action=same chain=srcnat comment=ADMIN-HOPE same-not-by-dst=no src-address=192.168.5.0/24 to-addresses=143.0.255.98
add action=same chain=srcnat comment=CLIENTE same-not-by-dst=no src-address=172.16.77.0/24 to-addresses=143.0.255.99
# NOTE(review): the next rule forwards every protocol and port addressed to 143.0.255.98
# to 192.168.5.254, with no protocol/port match and no forward filter rule in front of
# that host. Restrict it to the ports that host actually needs to expose.
add action=dst-nat chain=dstnat comment=REDIRECIONAMENTO-HOPE dst-address=143.0.255.98 to-addresses=192.168.5.254
add action=same chain=srcnat comment=RB disabled=yes protocol=!ospf same-not-by-dst=no src-address=10.0.8.6 to-addresses=143.0.255.99
# Port-80 traffic from the late-payment and blocked pools/lists is redirected to the
# notice pages on 143.0.252.13 (ports 8083 and 8082).
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso atraso" dst-address=!143.0.252.13 dst-port=80 protocol=tcp src-address=172.20.60.0/24 to-addresses=143.0.252.13 to-ports=8083
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso atraso" dst-address=!143.0.252.13 dst-port=80 protocol=tcp src-address-list=aviso_atraso to-addresses=143.0.252.13 to-ports=8083
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!143.0.252.13 dst-port=80 protocol=tcp src-address=172.21.60.0/24 to-addresses=143.0.252.13 to-ports=8082
add action=dst-nat chain=dstnat comment="IXCProvedor regra de aviso bloqueio" dst-address=!143.0.252.13 dst-port=80 protocol=tcp src-address-list=aviso_bloqueio to-addresses=143.0.252.13 to-ports=8082
/ip hotspot
# NOTE(review): address-pool=*4 is an internal ID rather than a pool name; presumably the
# pool it referred to was removed — confirm Hotspot2 still has a valid pool.
add address-pool=*4 addresses-per-mac=unlimited idle-timeout=30m interface=ether4 keepalive-timeout=30m name=Hotspot2 profile=ProfileHotspot2
/ip hotspot ip-binding
# NOTE(review): the first entry matches every address and sets no type. Presumably
# bindings are matched top-down — verify this catch-all does not shadow the entries below.
# NOTE(review): type=bypassed entries skip Hotspot login for the listed MAC/IP. A MAC
# address is not an authenticator, so keep this list to infrastructure devices only.
# Several hosts appear twice (once without server=, once with server=Hotspot1).
add address=0.0.0.0/0
add address=192.168.7.250 comment=UNIFI-1 mac-address=B4:FB:E4:D5:94:D5 type=bypassed
add address=192.168.7.249 comment=UNIFI-2 mac-address=B4:FB:E4:D5:90:40 type=bypassed
add address=192.168.7.224 comment=UNIFI-3 mac-address=B4:FB:E4:D5:99:0A type=bypassed
add address=192.168.7.221 comment=UNIFI-4 mac-address=E0:63:DA:3C:97:84 type=bypassed
add address=192.168.7.223 comment=UNIFI-5 mac-address=E0:63:DA:3C:97:80 type=bypassed
add address=192.168.7.88 mac-address=E8:5A:8B:B7:47:1C type=bypassed
add address=192.168.7.190 mac-address=7C:FD:6B:2E:6B:4D type=bypassed
add address=192.168.7.140 mac-address=7C:FD:6B:2D:01:B4 server=Hotspot1 to-address=192.168.7.140 type=bypassed
add address=192.168.7.189 mac-address=A2:4D:AC:65:10:6C server=Hotspot1 to-address=192.168.7.189 type=bypassed
add address=192.168.7.202 mac-address=18:87:40:60:67:58 type=bypassed
add address=192.168.7.109 mac-address=7C:FD:6B:2D:BE:34
add address=192.168.7.7 mac-address=18:87:40:60:2B:2A server=Hotspot1 to-address=192.168.7.7 type=bypassed
add address=192.168.7.114 mac-address=7C:FD:6B:85:65:10 type=bypassed
add address=192.168.7.242 mac-address=8C:E5:C0:DB:F7:8C type=bypassed
add address=192.168.7.216 mac-address=8C:E5:C0:D6:1E:22 type=bypassed
add address=192.168.7.220 mac-address=8C:E5:C0:DC:FD:BC type=bypassed
add address=192.168.7.254 mac-address=8C:E5:C0:D6:1E:20 type=bypassed
add address=192.168.7.79 mac-address=8C:E5:C0:DC:FD:98 type=bypassed
add address=192.168.7.74 mac-address=EA:40:42:92:28:5A type=bypassed
add address=192.168.7.88 mac-address=E8:5A:8B:B7:47:1C server=Hotspot1 to-address=192.168.7.88 type=bypassed
add address=192.168.7.190 mac-address=7C:FD:6B:2E:6B:4D server=Hotspot1 to-address=192.168.7.190 type=bypassed
add address=192.168.7.109 mac-address=7C:FD:6B:2D:BE:34 server=Hotspot1 to-address=192.168.7.109 type=bypassed
add address=192.168.7.202 mac-address=18:87:40:60:67:58 server=Hotspot1 to-address=192.168.7.202 type=bypassed
add address=192.168.7.114 mac-address=7C:FD:6B:85:65:10 server=Hotspot1 to-address=192.168.7.114 type=bypassed
add address=192.168.7.74 mac-address=EA:40:42:92:28:5A server=Hotspot1 to-address=192.168.7.74 type=bypassed
add address=192.168.7.79 mac-address=8C:E5:C0:DC:FD:98 server=Hotspot1 to-address=192.168.7.79 type=bypassed
add address=192.168.7.254 mac-address=8C:E5:C0:D6:1E:20 server=Hotspot1 to-address=192.168.7.254 type=bypassed
add address=192.168.7.220 mac-address=8C:E5:C0:DC:FD:BC server=Hotspot1 to-address=192.168.7.220 type=bypassed
add address=192.168.7.242 mac-address=8C:E5:C0:DB:F7:8C server=Hotspot1 to-address=192.168.7.242 type=bypassed
add address=192.168.7.216 mac-address=8C:E5:C0:D6:1E:22 server=Hotspot1 to-address=192.168.7.216 type=bypassed
/ip hotspot walled-garden
# Hosts reachable before Hotspot login.
# NOTE(review): "ww.se77e.com.br" looks like a typo for "www." — confirm. The unanchored
# patterns (*cloudfront*, *akamai*, *connectspot*) match any host name containing that
# string, so pre-login access is wider than the captive portal itself needs.
add dst-host=ww.se77e.com.br
add dst-host=*connectspot*
add dst-host=*cloudfront*
add dst-host=*akamai*
add dst-host=*facebook.net*
add dst-host=*facebook.com*
add dst-host=*fbcdn.net*
add dst-host=google-analytics*
add dst-host=*doubleclick.net*
add dst-host=*.accounts.google.com
add dst-host=www.google.com.br
add dst-host=www.google.com
add dst-host=*.apis.google.com
add dst-host=*.googleapis.com
add dst-host=*.googleusercontent.com
add dst-host=*.accounts.youtube.com
/ip route
add disabled=no distance=201 dst-address=0.0.0.0/0 gateway=10.0.8.5
/ip service
# Management services: telnet, ftp and www are disabled; ssh (port 2277), winbox, api and
# api-ssl stay enabled behind source-address restrictions.
# NOTE(review): the plain-text api service is enabled for 143.0.252.13/32 although api-ssl
# is enabled for the same host; presumably api can be disabled — confirm with the IXC
# integration. In the ssh list 143.0.252.58/32 is already inside 143.0.252.0/22. Confirm
# 205.164.78.0/23 still needs ssh and winbox access.
set telnet address=143.0.252.0/22 disabled=yes port=2377
set ftp address=143.0.252.13/32 disabled=yes
set www disabled=yes
set ssh address=205.164.78.0/23,143.0.252.0/22,143.0.252.58/32 port=2277
set api address=143.0.252.13/32
set winbox address=143.0.252.0/22,205.164.78.0/23
set api-ssl address=143.0.252.13/32
/ipv6 address
# NOTE(review): IPv6 addresses and an OSPFv3 instance are configured, but no /ipv6 firewall
# section appears in this export — confirm IPv6 filtering is handled elsewhere.
add address=::a comment=REDE-ADMIN from-pool=POOL-IPv6 interface=ether5
add address=2804:2994:1001:ffff:ffff:ffff:ffff:ffff/48 advertise=no interface=loopback
/ipv6 nd
set [ find default=yes ] other-configuration=yes
/ppp aaa
set interim-update=20m use-circuit-id-in-nas-port-id=yes use-radius=yes
/ppp secret
# NOTE(review): local PPP account (disabled) exported with its password in clear text.
add disabled=yes name=nubiacv password=ncv010477
/radius
# NOTE(review): both RADIUS shared secrets are exported in clear text, and the active one
# is derived from the vendor name. Replace it with a long random secret on both ends.
add address=143.0.252.13 comment="IXCProvedor configuracao radius" secret=radiusixcsoft service=ppp,hotspot,wireless src-address=10.0.8.6 timeout=3s
add address=52.67.125.75 disabled=yes secret=#edc2016#RFV service=hotspot timeout=10s
/radius incoming
# NOTE(review): the router accepts incoming RADIUS requests on UDP 3779. With no input
# filter rule in this export, only the shared secret protects this port — presumably it
# should be limited to the RADIUS server's address; confirm.
set accept=yes port=3779
/routing bgp connection
# Both iBGP connections are present but disabled.
add as=65530 cisco-vpls-nlri-len-fmt=auto-bits connect=yes disabled=yes listen=yes local.role=ibgp name=peer1 output.network=bgp-networks remote.address=10.0.8.5 .as=65530 .port=179 router-id=10.0.8.6 routing-table=main templates=default
add as=65530 cisco-vpls-nlri-len-fmt=auto-bits connect=yes disabled=yes listen=yes local.role=ibgp name=peer2 output.network=bgp-networks remote.address=10.0.8.134 .as=65530 .port=179 router-id=10.0.8.6 routing-table=main templates=default
/routing filter rule
# NOTE(review): a chain named ospf-in is defined here, but the OSPF instances above only
# reference out-filter-chain=ospf-out — confirm whether inbound filtering is applied.
add chain=ospf-in disabled=no rule="if (dst==0.0.0.0/0 && protocol ospf) {accept}\r\nif (dst-len in 1-32) { reject; }"
add chain=ospf-out disabled=no rule="if (dst in 10.0.8.4/30) {accept}\r\nif (dst in 143.0.252.0/22) {accept}"
/routing ospf interface-template
# NOTE(review): the OSPFv2 templates carry auth-id=1 with an empty auth-key and no auth
# type, so the adjacency on VLAN-200-HOPE appears to be unauthenticated — confirm and
# enable authentication on the non-passive link.
add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=VLAN-200-HOPE networks=10.0.8.4/30 priority=1 type=ptp
add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=loopback networks=143.0.255.98 passive priority=1
add area=backbone-v2 auth-id=1 auth-key="" cost=10 disabled=no interfaces=loopback networks=143.0.255.99 passive priority=1
add area=backbone-v3 cost=10 disabled=no interfaces=loopback priority=1
add area=backbone-v3 cost=10 disabled=no interfaces=VLAN-200-HOPE priority=1 type=ptp
/snmp
set enabled=yes
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name=SETTE-HOPE
/system leds
add interface=ether2 leds="" type=interface-activity
add interface=ether3 leds="" type=interface-activity
add interface=ether4 leds="" type=interface-activity
add interface=ether5 leds="" type=interface-activity
/system ntp client
set enabled=yes
/system ntp server
set manycast=yes
/system ntp client servers
add address=143.0.252.51
/system scheduler
# NOTE(review): both jobs run with a broad policy set (reboot, password, sniff, sensitive,
# ...). The scripts below only resolve a name, update a RADIUS entry, export and send mail;
# presumably a narrower policy is enough — confirm and trim.
add interval=30m name=ResolveServidorRadius on-event=ResolveServidorRadius policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=may/27/2016 start-time=14:36:50
add interval=1d name=IXCProvedor_agendamento-backup on-event=IXCProvedor-fazer-e-enviar-backup policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=mar/28/2023 start-time=04:00:00
/system script
# ResolveServidorRadius: resolves radius.connectspot.com.br and, if the address differs,
# rewrites the address of the RADIUS entry it finds by its shared secret.
# NOTE(review): the script body embeds that shared secret, and the RADIUS server address
# is taken from a DNS answer. The matching /radius entry is disabled in this export, so
# the script and its scheduler entry look obsolete — confirm and remove.
add dont-require-permissions=no name=ResolveServidorRadius owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":local resolvedIP [:resolve \"radius.connectspot.com.br\"]; :local radiusID [/radius find secret=\"#edc2016#RFV\"]; :local currentIP [/radius get \$radiusID address]; :if (\$resolvedIP != \$currentIP) do={/radius set \$radiusID address=\$resolvedIP; /log info \"IP do servidor Radius atualizado!\";}"
# IXCProvedor-fazer-e-enviar-backup: writes a configuration export to a file and e-mails
# it to backup.noc@se77e.com.br with start-tls=yes.
# NOTE(review): the full configuration leaves the device by e-mail every day. Whether the
# exported file includes secrets depends on the export defaults of the running RouterOS
# version — confirm, and treat the mailbox as holding sensitive data.
add dont-require-permissions=no name=IXCProvedor-fazer-e-enviar-backup owner=ixc.soft policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="export file=backup-mikrotik_SETTE_HOPE.rsc; :log info message=\"IXCSoft enviando backup por email\"; /tool e-mail send to=\"backup.noc@se77e.com.br\" subject=\"backup-SETTE_HOPE\" file=backup-mikrotik_SETTE_HOPE.rsc start-tls=yes"
/system watchdog
set automatic-supout=no ping-start-after-boot=10m watchdog-timer=no
/tool e-mail
# NOTE(review): SMTP account password exported in clear text.
set address=plesk.se77e.com.br from=backup.noc@se77e.com.br password=8Pfhy4*0 user=backup.noc@se77e.com.br
/tool romon
# NOTE(review): RoMON is enabled and its secret is exported in clear text. No /tool romon
# port restrictions appear in this export, so presumably RoMON is offered on every
# interface — confirm and limit it to management-facing ports.
set enabled=yes secrets=@a7net@#