Scribd
Upload
97 views10 pages

Mikrotik Configuration Template

The document provides a template configuration for Mikrotik routers. It includes configuration details for the device identity, interfaces, IP addresses, routing, DHCP, firewall rules and port forwarding.

Uploaded by

Mario Alexander Ramirez Moreno
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLS, PDF, TXT or read online on Scribd
97 views10 pages

Mikrotik Configuration Template

The document provides a template configuration for Mikrotik routers. It includes configuration details for the device identity, interfaces, IP addresses, routing, DHCP, firewall rules and port forwarding.

Uploaded by

Mario Alexander Ramirez Moreno
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLS, PDF, TXT or read online on Scribd
You are on page 1/ 10

PLANTILLA CONFIGURACIN MIKROTIK

/system identity
set name=ALFONSO CANON
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
name=bridge_LAN priority=0x8000 protocol-mode=rstp transmit-hold-count=6
/interface bridge port
add bridge=bridge_LAN disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether2 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge_LAN disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether5 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge_LAN disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether4 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge_LAN disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether3 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge_LAN disabled=no edge=auto external-fdb=auto horizon=none \
interface=wlan1 path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/ip address
add address=192.168.0.1/24 comment=RED_LAN disabled=no interface=bridge_LAN network=192.168.0.0
add address=201.184.82.122/29 comment=RED_WAN disabled=no interface=ether1 network=201.184.82.120
/ip route
add comment=Ruta_Internet disabled=no distance=1 dst-address=0.0.0.0/0 gateway=201.184.82.121 scope=30 target-scope
/ip firewall nat
add action=masquerade chain=srcnat comment=NAT_Internet disabled=no out-interface=ether1
/ip service
set telnet disabled=no port=23
set ftp disabled=yes port=21
set www disabled=no port=8089
set ssh disabled=yes port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=52798
/system ntp client
set enabled=yes mode=unicast primary-ntp=200.13.235.188 secondary-ntp=0.0.0.0
/system clock
set time-zone-name=America/Bogota
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start="jan/01/1970 00:00:00" time-zone=+00:00
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 servers=200.13.249.101,200
/ip pool
add name=dhcp_pool1 ranges=192.168.0.2-192.168.0.253
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=bridge_LAN lease-ti
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1
/snmp
set contact="" enabled=yes engine-id="" location="" trap-version=1
/snmp community
add address=0.0.0.0/0 authentication-password="" authentication-protocol=MD5 encryption-password="" encryption-protocol=
read-access=yes security=none write-access=no
/ip firewall filter
add action=accept chain=input disabled=no dst-address=192.168.0.1 in-interface=bridge_LAN src-address=192.168.0.184
add action=accept chain=input disabled=no in-interface=ether1 src-address=201.233.146.153
add action=accept chain=input disabled=no in-interface=ether1 src-address=200.13.250.0/24
add action=accept chain=input disabled=no in-interface=ether1 src-address=200.13.249.83-200.13.249.254
add action=accept chain=input disabled=no in-interface=ether1 src-address=200.13.225.133
add action=accept chain=input disabled=no in-interface=ether1 src-address=201.184.82.121
add action=drop chain=input disabled=no in-interface=bridge_LAN src-address= 0.0.0.0/0
add action=drop chain=input disabled=no in-interface=ether1 src-address=0.0.0.0/0
/ip neighbor discovery
set ether1 disabled=yes
set wlan1 disabled=yes
set bridge_LAN disabled=yes
..
..
..
DATOS DE CONFIGURACIN
NOMBRE DEL EQUIPO ALFONSO CANON
RED LAN 192.168.0.0
IP LAN MIKROTIK 192.168.0.1
MASCARA RED LAN /24
RED WAN 201.184.82.120
IP PBLICA / MSK 201.184.82.122/29
DEFAULT GATEWAY 201.184.82.121

CONFIGURACIN DHCP
RED / MSK 192.168.0.0/24
GATEWAY 192.168.0.1
RANGO 192.168.0.2-192.168.0.253
GESTION
PUERTO DE GESTION WINBOX 52798
IP GESTION LAN 192.168.0.184
PLANTILLA CONFIGURACIN MIKROTIK, PERMITE TENER LAS IP PUBLICAS EN EL PTO ETHER
/system identity
set name=IMPORMOTOR
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
name=bridge_LAN priority=0x8000 protocol-mode=rstp transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
disabled=no forward-delay=15s max-message-age=20s mtu=1500 \
name=bridge_WAN priority=0x8000 protocol-mode=rstp transmit-hold-count=6
/interface bridge port
add bridge=bridge_WAN disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge_WAN disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether2 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge_LAN disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether5 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge_LAN disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether4 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge_LAN disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether3 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge_LAN disabled=no edge=auto external-fdb=auto horizon=none \
interface=wlan1 path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/ip address
add address=192.168.1.254/24 comment=RED_LAN disabled=no interface=bridge_LAN network=192.168.1.0
add address=181.143.185.106/29 comment=RED_WAN disabled=no interface=ether1 network=181.143.185.104
/ip route
add comment=Ruta_Internet disabled=no distance=1 dst-address=0.0.0.0/0 gateway=181.143.185.105 scope=30 target-scop
/ip firewall nat
add action=masquerade chain=srcnat comment=NAT_Internet disabled=no out-interface=bridge_WAN
/ip service
set telnet disabled=no port=23
set ftp disabled=yes port=21
set www disabled=no port=8089
set ssh disabled=yes port=22
set www-ssl certificate=none disabled=yes port=443
set api disabled=yes port=8728
set winbox disabled=no port=52798
/system ntp client
set enabled=yes mode=unicast primary-ntp=200.13.235.188 secondary-ntp=0.0.0.0
/system clock
set time-zone-name=America/Bogota
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start="jan/01/1970 00:00:00" time-zone=+00:00
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 servers=200.13.249.101,200
/ip pool
add name=dhcp_pool1 ranges=192.168.1.10-192.168.1.253
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=bridge_LAN lease-ti
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.254
/snmp
set contact="" enabled=yes engine-id="" location="" trap-version=1
/snmp community
add address=0.0.0.0/0 authentication-password="" authentication-protocol=MD5 encryption-password="" encryption-protocol=
read-access=yes security=none write-access=no
/ip firewall filter
add action=accept chain=input disabled=no dst-address=192.168.1.254 in-interface=bridge_LAN src-address=192.168.1.184
add action=accept chain=input disabled=no in-interface=ether1 src-address=201.233.146.153
add action=accept chain=input disabled=no in-interface=ether1 src-address=200.13.250.0/24
add action=accept chain=input disabled=no in-interface=ether1 src-address=200.13.249.83-200.13.249.254
add action=accept chain=input disabled=no in-interface=ether1 src-address=200.13.225.133
add action=accept chain=input disabled=no in-interface=ether1 src-address=181.143.185.105
add action=drop chain=input disabled=no in-interface=bridge_LAN src-address= 0.0.0.0/0
add action=drop chain=input disabled=no in-interface=ether1 src-address=0.0.0.0/0
/ip neighbor discovery
set ether1 disabled=yes
set wlan1 disabled=yes
set bridge_LAN disabled=yes
..
..
..
DATOS DE CONFIGURACIN
NOMBRE DEL EQUIPO IMPORMOTOR
RED LAN 192.168.1.0
IP LAN MIKROTIK 192.168.1.254
MASCARA RED LAN /24
RED WAN 181.143.185.104
IP PBLICA / MSK 181.143.185.106/29

DEFAULT GATEWAY 181.143.185.105

CONFIGURACIN DHCP
RED / MSK 192.168.1.0/24
GATEWAY 192.168.1.254
RANGO 192.168.1.10-192.168.1.253
GESTION
PUERTO DE GESTION WINBOX 52798
IP GESTION LAN 192.168.1.184
PORTFORWARDING
/ip firewall nat
add action=dst-nat chain=dstnat comment=CAMARA \
disabled=no dst-address=181.143.185.106 dst-port=23-65535 protocol=udp \
to-addresses=192.168.1.87 to-ports=23-65535
DATOS
SERVICIO CAMARA
IP DESTINO 192.168.1.87
PUERTO LAN 23-65535
IP PUBLICA 181.143.185.106
PUERTO WAN 23-65535

You might also like