# model: RB760iGS # serial-number: A8150A5A7FA7 # firmware-type: mt7621L # current-firmware: 6.46.8 # installed-version: 6.46.8 # Flags: U - undoable, R - redoable, F - floating-undo # ACTION BY POLICY # # software id = P1E0-03HR # # model = RB760iGS # serial number = A8150A5A7FA7 /interface bridge add name=REDE-WIFI /interface ethernet set [ find default-name=ether1 ] comment=LINK set [ find default-name=ether2 ] comment=UNIFI-INTERNO set [ find default-name=ether3 ] comment=UNIFI-EXTERNO set [ find default-name=ether4 ] comment=REDE-INTERNA /interface pppoe-client add add-default-route=yes allow=pap,chap disabled=no interface=ether1 name=mezzanino password=mzn102030 use-peer-dns=yes user=mezzanino /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot add hotspot-address=192.168.49.1 html-directory=flash/connectspot login-by=cookie,http-pap name=connectspot nas-port-type=ethernet radius-interim-update=15m use-radius=yes /ip hotspot user profile set [ find default=yes ] add-mac-cookie=no idle-timeout=30m keepalive-timeout=30m /ip pool add name=dhcp_pool0 ranges=192.168.49.2-192.168.49.254 add name=dhcp_pool1 ranges=192.168.11.2-192.168.11.254 /ip dhcp-server add address-pool=dhcp_pool0 disabled=no interface=REDE-WIFI name=dhcp1 add address-pool=dhcp_pool1 disabled=no interface=ether4 name=dhcp2 /ip hotspot add address-pool=dhcp_pool0 disabled=no idle-timeout=30m interface=REDE-WIFI keepalive-timeout=30m name=hotspot profile=connectspot /lora servers add address=eu.mikrotik.thethings.industries down-port=1700 name=TTN-EU up-port=1700 add address=us.mikrotik.thethings.industries down-port=1700 name=TTN-US up-port=1700 /routing ospf instance set [ find default=yes ] router-id=10.0.8.50 /snmp community set [ find default=yes ] addresses=143.0.252.0/22 name=SnmP_Se77E /interface bridge port add bridge=REDE-WIFI interface=ether2 add bridge=REDE-WIFI interface=ether3 /ip address add address=192.168.49.1/24 comment=HOTSPOT interface=REDE-WIFI network=192.168.49.0 add address=192.168.11.1/24 comment=REDE-INTERNA interface=ether4 network=192.168.11.0 /ip dhcp-server lease add address=192.168.49.243 client-id=1:18:e8:29:a3:4e:53 comment=SE77E-MEZZANINO-INTERNO mac-address=18:E8:29:A3:4E:53 server=dhcp1 add address=192.168.49.242 client-id=1:18:e8:29:a3:35:f9 comment=SE77E-MEZZANINO-EXTERNO mac-address=18:E8:29:A3:35:F9 server=dhcp1 /ip dhcp-server network add address=192.168.11.0/24 gateway=192.168.11.1 add address=192.168.49.0/24 gateway=192.168.49.1 add address=192.168.77.0/24 gateway=192.168.77.1 /ip firewall filter add action=fasttrack-connection chain=forward connection-state=established,related add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes /ip firewall nat add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes add action=masquerade chain=srcnat comment=HOTSPOT src-address=192.168.49.0/24 add action=masquerade chain=srcnat comment=REDE-INTERNA src-address=192.168.11.0/24 /ip hotspot ip-binding add address=0.0.0.0/0 add address=192.168.49.242 comment=UNIFI mac-address=18:E8:29:A3:35:F9 server=hotspot to-address=192.168.49.242 type=bypassed add address=192.168.49.243 comment=UNIFI mac-address=18:E8:29:A3:4E:53 server=hotspot to-address=192.168.49.243 type=bypassed /ip hotspot walled-garden add dst-host=*connectspot* add dst-host=*cloudfront* add dst-host=*facebook.com* add dst-host=*akamai* add dst-host=*facebook.net* add dst-host=*fbcdn.net* add dst-host=*google-analytics* add dst-host=*doubleclick.net* add dst-host=*.googleapis.com add dst-host=*.googleusercontent.com add dst-host=*.accounts.youtube.com add dst-host=*.apis.google.com add dst-host=*.accounts.google.com add dst-host=accounts.google.com add dst-host=www.google.com add dst-host=www.google.com.br /ip service set telnet disabled=yes port=2377 set ftp disabled=yes set www disabled=yes set ssh address=205.164.78.0/23,143.0.252.0/22,143.0.252.58/32 port=2277 set api disabled=yes set winbox address=143.0.252.0/22,205.164.78.0/23,172.16.77.0/24 set api-ssl disabled=yes /radius add address=52.67.125.75 secret=#edc2016#RFV service=hotspot timeout=10s /radius incoming set accept=yes port=3779 /routing ospf interface add network-type=point-to-point /routing ospf network add area=backbone network=10.0.8.48/30 /snmp set contact=SE77E enabled=yes location=CT trap-version=2 /system clock set time-zone-name=America/Sao_Paulo /system identity set name=1604577735 /system scheduler add interval=1w name=AtualizaHtml on-event=AtualizaHtml policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=may/06/2018 start-time=03:00:00 /system script add dont-require-permissions=no name=ResolveServidorRadius owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="\n:local resolvedIP [:resolve \"radius.connectspot.com.br\"];\n:local radiusID [/radius find secret=\"#edc2016#RFV\"];\n:local currentIP [/radius get \$radiusID address];\n:if (\$resolvedIP != \$currentIP) do={/radius set \$radiusID address=\$resolvedIP; /log info \"IP do servidor Radius atualizado!\";}\n" add dont-require-permissions=no name=AtualizaHtml owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":if ([:len [/file find name=flash]] > 0) do={/tool fetch url=\"https://app.connectspot.com.br/hotspot/login.html\" dst-path=\"/flash/hotspot/login.html\" mode=https;/tool fetch url=\"https://app.connectspot.com.br/hotspot/alogin.html\" dst-path=\"/flash/hotspot/alogin.html\" mode=https; } else={ /tool fetch url=\"https://app.connectspot.com.br/hotspot/login.html\" dst-path=\"hotspot/login.html\" mode=https;/tool fetch url=\"https://app.connectspot.com.br/hotspot/alogin.html\" dst-path=\"hotspot/alogin.html\" mode=https;}" /tool romon set enabled=yes secrets=@a7net@#