classic.ISPforum.cz

Fórum československých telekomunikací
https://classic.ispforum.cz/

Mikrotik CR switch - management VLAN - doplněno

https://classic.ispforum.cz/viewtopic.php?f=5&t=21340

Stránka 1 z 1

Mikrotik CR switch - management VLAN - doplněno

Napsal: 09 Nov 2016 10:27
od hol
udělal jsem místo printu exporty a doplnil obrázek

Zdarec,

řeším prvně VLANy na MK a funguje myslím vše, kromě management vlany. Jel jsem podle návodu zde na začátku

http://wiki.mikrotik.com/wiki/Manual:CR ... figuration

Princip je jednoduchý, mám jeden vstupní port (uplink CCR), do toho jde jen tagovaná komunikace (vlany 4, 46, 96, 290) z nadřazeného MK. Tagy pak zahazuju a ven na odchozí porty jde komunikace už netagovaná. Management chci mít na jedné z vlan, konkétně na té 290 přístupný uplinkem.

Vlan 290 jsem přiřadil portu uplink CCR. Vlaně dal IP 192.168.214.2/24 a na nadřazeném routeru je to stejné, vlan 290 k odchozímu portu a IP 192.168.214.5/24. Čekal bych ping, ale nejde to. Co je blbě? děkuji.

Nastavení mám takto:

/interface ethernet
set [ find default-name=ether1 ] name="ether1-uplink CCR"
set [ find default-name=sfp1 ] master-port="ether1-uplink CCR" name=sfp1-290
set [ find default-name=sfp2 ] master-port="ether1-uplink CCR" name=sfp2-46
set [ find default-name=sfp3 ] master-port="ether1-uplink CCR" name=sfp3-4,5
set [ find default-name=sfp4 ] master-port="ether1-uplink CCR"
set [ find default-name=sfp5 ] master-port="ether1-uplink CCR" name=sfp5-289-dolu
set [ find default-name=sfp6 ] master-port="ether1-uplink CCR" name=sfp6-96
set [ find default-name=sfp7 ] master-port="ether1-uplink CCR"
set [ find default-name=sfp8 ] master-port="ether1-uplink CCR"
set [ find default-name=sfp9 ] master-port="ether1-uplink CCR"
set [ find default-name=sfp10 ] master-port="ether1-uplink CCR"
set [ find default-name=sfpplus1 ] disabled=yes

/interface vlan
add interface="ether1-uplink CCR" l2mtu=1584 name=vlan290 vlan-id=290

/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether1-uplink CCR,sfp1-290,sfp2-46,sfp3-4,5,sfp6-96"
/interface ethernet switch egress-vlan-tag
add tagged-ports="ether1-uplink CCR" vlan-id=96
add tagged-ports="ether1-uplink CCR" vlan-id=46
add tagged-ports="ether1-uplink CCR" vlan-id=4
add tagged-ports="switch1-cpu,ether1-uplink CCR" vlan-id=290
add disabled=yes tagged-ports="ether1-uplink CCR" vlan-id=287
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=96 ports=sfp6-96 sa-learning=yes
add customer-vid=0 new-customer-vid=46 ports=sfp2-46 sa-learning=yes
add customer-vid=0 new-customer-vid=290 ports=sfp1-290 sa-learning=yes
add customer-vid=0 new-customer-vid=4 ports=sfp3-4,5 sa-learning=yes
/interface ethernet switch vlan
add ports="sfp6-96,ether1-uplink CCR" vlan-id=96
add ports="sfp2-46,ether1-uplink CCR" vlan-id=46
add ports="switch1-cpu,sfp1-290,ether1-uplink CCR" vlan-id=290
add ports="sfp3-4,5,ether1-uplink CCR" vlan-id=4

Re: Mikrotik CR switch - management VLAN

Napsal: 09 Nov 2016 18:59
od hol
To to nikdo nemate? Chapu, slozitej dotaz :) Tak mi aspon reknete, zda to nekomu funguje jak ma. Abych mel aspon motivaci badat.

Re: Mikrotik CR switch - management VLAN

Napsal: 09 Nov 2016 19:03
od ludvik
nojo, osm hodin, co si to dovolujeme neodpovědět ...

VLAN je interface jako každé jiné. Ethernet jako VLAN ... proto s tím má problém fakt málokdo.

Re: Mikrotik CR switch - management VLAN

Napsal: 09 Nov 2016 20:52
od hol
ludvik píše:nojo, osm hodin, co si to dovolujeme neodpovědět ...

VLAN je interface jako každé jiné. Ethernet jako VLAN ... proto s tím má problém fakt málokdo.


ale no tak, nejde o čas, ale o 70 čtenářů příspěvku. To není málo, tak mě překvapilo že nic.

Jinak jsi mi 2x nepomoh. Vlany fungujou jak mají, jakože switchem prochází a u odchozích portů se zahodí. Co nejde, tak je přístup přímo na switch přes uplink, kde je vše tagované. Chápu, že dělám něco blbě, ale nevim co. To je celý.

Re: Mikrotik CR switch - management VLAN

Napsal: 09 Nov 2016 22:19
od ludvik
Já se v tom výpisu neorientuji. Koukat do toho hodinu si dovolit nemůžu. Kromě toho to není kompletní. A spíš by se hodil výpis "export", než "print".

Co řekla základní diagnostika? Pakety oschází a přichází? Co torch či sniffer, nebo countery na portech?

Re: Mikrotik CR switch - management VLAN

Napsal: 09 Nov 2016 23:17
od loopie
Hezký den,
management VLAN na CRS používám. Je potřeba nakombinovat nastaveni v menu switch a interface/VLAN. Řekněme, že mám na portech 2-24 nastaven masterport ether1. Ether24 je uplink s tagovanými VLANami - nastaveno v menu switch. Managementova VLAN musí být nastavena jako tagovaná v menu switch na uplinku(ether24), masterportu switche (ether1) a switch1-cpu. Potom v interface/VLAN vytvoříš management VLAN na masterportu switche (ether1) - nastavíš IP a je to.

Jarda

Re: Mikrotik CR switch - management VLAN

Napsal: 10 Nov 2016 09:40
od hol
ludvik píše:Já se v tom výpisu neorientuji. Koukat do toho hodinu si dovolit nemůžu. Kromě toho to není kompletní. A spíš by se hodil výpis "export", než "print".

Co řekla základní diagnostika? Pakety oschází a přichází? Co torch či sniffer, nebo countery na portech?


máš pravdu, exporty jsou o dost přehlednější. Vyměnil jsem to v prvním příspěvku. Diagnostika toho v režimu switche právě moc neukáže :( Každ. díky moc.

Re: Mikrotik CR switch - management VLAN

Napsal: 10 Nov 2016 09:42
od hol
loopie píše:Hezký den,
management VLAN na CRS používám. Je potřeba nakombinovat nastaveni v menu switch a interface/VLAN. Řekněme, že mám na portech 2-24 nastaven masterport ether1. Ether24 je uplink s tagovanými VLANami - nastaveno v menu switch. Managementova VLAN musí být nastavena jako tagovaná v menu switch na uplinku(ether24), masterportu switche (ether1) a switch1-cpu. Potom v interface/VLAN vytvoříš management VLAN na masterportu switche (ether1) - nastavíš IP a je to.

Jarda


také díky. Mám pocit, že to takhle mám až na to, že uplink je zároveň master port. To je záhada.

Re: Mikrotik CR switch - management VLAN - doplněno

Napsal: 25 Nov 2016 11:53
od reset
zdravim,


jak nastavit u CRS switchu zmenu jedne jiz otagovane vlany na jinou ?

vlan 11 --> vlan12 (a zpet)

diky

Re: Mikrotik CR switch - management VLAN - doplněno

Napsal: 26 Nov 2016 17:22
od reset
uz nepotrebuji, po vyresetovani a stejneho nastaveni zacalo vse fungovat

Re: Mikrotik CR switch - management VLAN - doplněno

Napsal: 06 Oct 2017 17:59
od mimicko
Zdravim
Skusam na stole podobny sposob, kde sa cez jednu man Vlan chcem dostat iba na switch cez jeho uplink na ktorom je router.
Na vsetkych portoch Switcha sa dostanem cez VLAN nim pridelenym na Router a dalej, ale cez router sa neviem dostat na switch.
Ked pingam cez winbox tool tak ping vo VLAN chodi medzi zariadeniami. Ale z Pc za routerom sa uz na IP vlan switcha nedostanem.
Zapojenie.jpg
Zapojenie.jpg (60.88 KiB) Zobrazeno 5238 x

neviete mi poradit , alebo ma nasmerovat? Prikladam obrazok narychlo a exporty
Dakujem
switch:

Kód: Vybrat vše

# jan/02/1970 03:16:34 by RouterOS 6.41rc38
# model = CRS112-8G-4S
/interface bridge
add fast-forward=no igmp-snooping=no name=bridge1 protocol-mode=none
/interface vlan
add interface=bridge1 name=vlan99 vlan-id=99
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether8
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether8 vlan-id=110
add tagged-ports=ether8 vlan-id=111
add tagged-ports=ether8 vlan-id=112
add tagged-ports=ether8 vlan-id=113
add tagged-ports=ether8 vlan-id=114
add tagged-ports=ether8 vlan-id=115
add tagged-ports=switch1-cpu,ether8 vlan-id=99
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=110 ports=ether1
add customer-vid=0 new-customer-vid=111 ports=ether2
add customer-vid=0 new-customer-vid=112 ports=ether3
add customer-vid=0 new-customer-vid=113 ports=ether4
add customer-vid=0 new-customer-vid=114 ports=ether5
add customer-vid=0 new-customer-vid=115 ports=ether6
/interface ethernet switch vlan
add ports=ether1,ether8 vlan-id=110
add ports=ether2,ether8 vlan-id=111
add ports=ether3,ether8 vlan-id=112
add ports=ether4,ether8 vlan-id=113
add ports=ether5,ether8 vlan-id=114
add ports=ether6,ether8 vlan-id=115
add ports=switch1-cpu,ether8 vlan-id=99
/ip address
add address=192.168.99.2/24 interface=vlan99 network=192.168.99.0


router:

Kód: Vybrat vše

# jan/01/2002 01:27:06 by RouterOS 3.30
#
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=no forward-delay=15s l2mtu=1526 max-message-age=20s \
    mtu=1500 name=bridge1 priority=0x8000 protocol-mode=none \
    transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes \
    l2mtu=1526 mac-address=00:0C:42:2E:8C:C1 mtu=1500 name=ether1 speed=\
    100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:2E:8C:C2 \
    master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=yes full-duplex=yes mac-address=00:0C:42:2E:8C:C3 \
    master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=yes full-duplex=yes mac-address=00:0C:42:2E:8C:C4 \
    master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:2E:8C:C5 \
    master-port=none mtu=1500 name=ether5 speed=100Mbps
/interface vlan
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
    name=VLAN111 use-service-tag=no vlan-id=111
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
    name=VLAN112 use-service-tag=no vlan-id=112
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
    name=VLAN113 use-service-tag=no vlan-id=113
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
    name=VLAN114 use-service-tag=no vlan-id=114
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
    name=VLAN115 use-service-tag=no vlan-id=115
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
    name=VLAN116 use-service-tag=no vlan-id=116
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
    name=VLAN99 use-service-tag=no vlan-id=99
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=1522 mtu=1500 \
    name=VLAN110 use-service-tag=no vlan-id=110
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
    http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
    name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
    use-radius=no
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=\
    1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \
    name=default pfs-group=modp1024
/ip pool
add name=pool101 ranges=192.168.101.2-192.168.101.254
add name=pool100 ranges=192.168.100.100-192.168.100.254
add name=pool102 ranges=192.168.102.2-192.168.102.254
add name=pool107 ranges=192.168.107.2-192.168.107.254
add name=pool106 ranges=192.168.106.2-192.168.106.254
add name=pool105 ranges=192.168.105.2-192.168.105.254
add name=pool104 ranges=192.168.104.2-192.168.104.254
add name=pool103 ranges=192.168.103.2-192.168.103.254
add name=pool9 ranges=192.168.9.2-192.168.9.254
add name=pool99 ranges=192.168.99.2-192.168.99.200
/ip dhcp-server
add address-pool=pool101 authoritative=after-2sec-delay bootp-support=static \
    disabled=no interface=VLAN111 lease-time=1d name=server101
add address-pool=pool102 authoritative=after-2sec-delay bootp-support=static \
    disabled=no interface=VLAN112 lease-time=1d name=server102
add address-pool=pool103 authoritative=after-2sec-delay bootp-support=static \
    disabled=no interface=VLAN113 lease-time=1d name=server103
add address-pool=pool104 authoritative=after-2sec-delay bootp-support=static \
    disabled=no interface=VLAN114 lease-time=1d name=server104
add address-pool=pool105 authoritative=after-2sec-delay bootp-support=static \
    disabled=no interface=VLAN115 lease-time=1d name=server105
add address-pool=pool107 authoritative=after-2sec-delay bootp-support=static \
    disabled=no interface=ether2 lease-time=1d name=server107
add address-pool=pool100 authoritative=after-2sec-delay bootp-support=static \
    disabled=yes interface=bridge1 lease-time=1d name=server100
add address-pool=pool99 authoritative=after-2sec-delay bootp-support=static \
    disabled=no interface=VLAN99 lease-time=1d name=server99
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none \
    stop-bits=1
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
    use-compression=default use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption \
    only-one=default use-compression=default use-encryption=yes \
    use-vj-compression=default
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
    sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
    red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
    5
set default-small kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no \
    ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
    no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 authentication=none disabled=no name=backbone \
    type=default
/snmp
set contact="" enabled=no engine-boots=0 engine-id="" location="" \
    time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password="" \
    authentication-protocol=MD5 encryption-password="" encryption-protocol=\
    DES name=public read-access=yes security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
    disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0:514 src-address=0.0.0.0 \
    syslog-facility=daemon syslog-severity=auto target=remote
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
    boot-protocol=bootp cpu-frequency=300MHz enable-jumper-reset=yes \
    enter-setup-on=any-key force-backup-booter=no
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
    boot-protocol=bootp cpu-frequency=300MHz enable-jumper-reset=yes \
    enter-setup-on=any-key force-backup-booter=no
/user group
add comment="" name=read policy="local,telnet,ssh,reboot,read,test,winbox,pass\
    word,web,sniff,sensitive,!ftp,!write,!policy"
add comment="" name=write policy="local,telnet,ssh,reboot,read,write,test,winb\
    ox,password,web,sniff,sensitive,!ftp,!policy"
add comment="" name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy\
    ,test,winbox,password,web,sniff,sensitive"
/user
add address=0.0.0.0/0 comment="system default user" disabled=no group=full \
    name=admin
/interface bridge port
add bridge=bridge1 comment="" disabled=no edge=auto external-fdb=auto \
    horizon=none interface=ether1 path-cost=10 point-to-point=auto priority=\
    0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no
/interface ethernet mirror
set mirror-port=none source-port=none
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
    default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=FE:FA:17:FB:FD:E2 \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
    enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.101.1/24 broadcast=192.168.101.255 comment="" disabled=no \
    interface=VLAN111 network=192.168.101.0
add address=192.168.107.1/24 broadcast=192.168.107.255 comment="" disabled=no \
    interface=ether2 network=192.168.107.0
add address=192.168.106.1/24 broadcast=192.168.106.255 comment="" disabled=no \
    interface=VLAN116 network=192.168.106.0
add address=192.168.105.1/24 broadcast=192.168.105.255 comment="" disabled=no \
    interface=VLAN115 network=192.168.105.0
add address=192.168.104.1/24 broadcast=192.168.104.255 comment="" disabled=no \
    interface=VLAN114 network=192.168.104.0
add address=192.168.103.1/24 broadcast=192.168.103.255 comment="" disabled=no \
    interface=VLAN113 network=192.168.103.0
add address=192.168.102.1/24 broadcast=192.168.102.255 comment="" disabled=no \
    interface=VLAN112 network=192.168.102.0
add address=192.168.100.1/24 broadcast=192.168.100.255 comment="" disabled=no \
    interface=VLAN110 network=192.168.100.0
add address=192.168.99.1/24 broadcast=192.168.99.255 comment="" disabled=no \
    interface=VLAN99 network=192.168.99.0
/ip dhcp-client
add add-default-route=yes comment="" default-route-distance=0 disabled=no \
    interface=ether5 use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.99.0/24 comment="" dns-server=8.8.8.8 gateway=\
    192.168.99.1
add address=192.168.100.0/24 comment="" dns-server=8.8.8.8 gateway=\
    192.168.100.1
add address=192.168.101.0/24 comment="" dns-server=8.8.8.8 gateway=\
    192.168.101.1
add address=192.168.102.0/24 comment="" dns-server=8.8.8.8 gateway=\
    192.168.102.1
add address=192.168.103.0/24 comment="" dns-server=8.8.8.8 gateway=\
    192.168.103.1
add address=192.168.104.0/24 comment="" dns-server=8.8.8.8 gateway=\
    192.168.104.1
add address=192.168.105.0/24 comment="" dns-server=8.8.8.8 gateway=\
    192.168.105.1
add address=192.168.106.0/24 comment="" dns-server=8.8.8.8 gateway=\
    192.168.106.1
add address=192.168.107.0/24 comment="" dns-server=8.8.8.8 gateway=\
    192.168.107.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 primary-dns=192.168.1.1 secondary-dns=\
    195.146.132.58
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall service-port
set ftp disabled=yes ports=21
set tftp disabled=yes ports=69
set irc disabled=yes ports=6667
set h323 disabled=yes
set sip disabled=yes ports=5060,5061
set pptp disabled=yes
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
set VLAN111 discover=no
set VLAN112 discover=no
set VLAN113 discover=no
set VLAN114 discover=no
set VLAN115 discover=no
set VLAN116 discover=no
set VLAN99 discover=no
set VLAN110 discover=no
set bridge1 discover=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
    600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
    0.0.0.0
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
set VLAN111 queue=default
set VLAN112 queue=default
set VLAN113 queue=default
set VLAN114 queue=default
set VLAN115 queue=default
set VLAN116 queue=default
set VLAN99 queue=default
set VLAN110 queue=default
set bridge1 queue=default
/radius incoming
set accept=no port=3799
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
    gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
    0.0.0.0 timeout=1m ttl=50
/routing ospf
set distribute-default=never metric-bgp=20 metric-connected=20 \
    metric-default=1 metric-rip=20 metric-static=20 mpls-te-area=unspecified \
    mpls-te-router-id=unspecified redistribute-bgp=no redistribute-connected=\
    no redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing pim
set switch-to-spt=no switch-to-spt-bytes=0 switch-to-spt-interval=0s
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    timeout-timer=3m update-timer=30s
/store
add comment="" disabled=no disk=system name=user-manager1 type=user-manager
add comment="" disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no port=serial0 term=vt102
/system health
set
/system identity
set name=MikroTik
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=unicast primary-ntp=192.168.1.1 secondary-ntp=\
    208.66.175.36
/system ntp server
set broadcast=no enabled=no manycast=yes multicast=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
    0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
    none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
    100
/tool e-mail
set from=<> password="" server=0.0.0.0:25 username=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 \
    filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=\
    yes interface=all memory-limit=10 only-headers=no streaming-enabled=no \
    streaming-server=0.0.0.0
/tool user-manager customer
add comment="" disabled=no login=admin parent=admin password="" \
    paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
    permissions=owner signup-allowed=no subscriber=admin time-zone=+00:00
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
Všechny časy jsou v UTC+02:00
Stránka 1 z 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/