![]() ![]() ip dhcp-client add comment=defconf dhcp-options=hostname,clientid interface=ether1-wan-master ip address add address=98.153.21.138/30 interface=ether1-wan-master network=x.x.x.x interface list member add comment=defconf interface=ether1-wan-master list=WAN interface list member add comment=defconf interface=ether2 list=LAN snmp community add addresses=::/0 name=uVfzZZilzotAtUq read-access=no write-access=yes snmp community add addresses=::/0 name=RqBpmdRYBUs0Jdb ip dhcp-server add address-pool=dhcp_pool4 disabled=no interface="vlan 200 eth 5" lease-time=1h name=dhcp4 ip dhcp-server add address-pool=dhcp_pool3 disabled=no interface="vlan 100 eth 5" lease-time=1h name=dhcp3 ip dhcp-server add address-pool=dhcp_pool2 disabled=no interface="vlan 11 eth 5" lease-time=1h name=dhcp2 ![]() ip dhcp-server add address-pool=dhcp_pool1 disabled=no interface="vlan 10 eth 5" lease-time=1h name=dhcp1 ip dhcp-server add address-pool=default-dhcp disabled=no interface=ether2 name=defconf ip hotspot profile set html-directory=flash/hotspot ip dhcp-server option sets add name=Ruckus options=Option43,Option60 ip dhcp-server option add code=60 name=Option60 value="'Ruckus CPE'" ![]() ip dhcp-server option add code=43 name=Option43 value=xx interface wireless security-profiles set supplicant-identity=MikroTik ![]() interface list add comment=defconf name=LAN interface list add comment=defconf name=WAN interface vlan add interface="ether5 trunk" name="vlan 200 eth 5" vlan-id=200 interface vlan add interface="ether5 trunk" name="vlan 100 eth 5" vlan-id=100 interface vlan add interface="ether5 trunk" name="vlan 11 eth 5" vlan-id=11 interface vlan add interface="ether5 trunk" name="vlan 10 eth 5" vlan-id=10 ip neighbor discovery set ether1-wan-master discover=no interface ethernet set name="ether5 trunk" interface ethernet set master-port=ether1-wan-master Add action=accept chain=input dst-port=8291 in-interface=ether1-wan-master protocol=tcpĪdd action=accept chain=input in-interface=all-ethernetĪdd action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedĪdd action=drop chain=input comment="defconf: drop invalid" connection-state=invalidĪdd action=accept chain=input comment="defconf: accept ICMP" protocol=icmp src-address-list=xĪdd action=accept chain=input dst-port=80 in-interface=ether1-wan-master protocol=tcp src-address-list=xĪdd action=accept chain=input dst-port=21 in-interface=ether1-wan-master protocol=tcp src-address-list=xĪdd action=accept chain=input dst-port=161 in-interface=ether1-wan-master protocol=tcp src-address-list=xĪdd action=accept chain=input dst-port=8728 in-interface=ether1-wan-master protocol=tcp src-address-list=xĪdd action=drop chain=forward comment="deny intervlan traffic" in-interface=!ether1-wan-master out-interface=all-vlanĪdd action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LANĪdd action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsecĪdd action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsecĪdd action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,relatedĪdd action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untrackedĪdd action=drop chain=forward comment="defconf: drop invalid" connection-state=invalidĪdd action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WANĬode: Select all /interface ethernet set name=ether1-wan-master ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |