
53833-HPQZ797 RSC

The document outlines a series of configurations for a network device, including user management, interface settings, VLAN configurations, DHCP server setups, and firewall rules. It also includes IPsec VPN settings, SNMP configurations, and system scripts for managing VLAN states based on network conditions. Additionally, it specifies routing, DNS settings, and security measures to ensure proper network functionality and access control.

# Device identity and local accounts.
# NOTE(review): the account below is created with a plaintext password and group=full, so every
# copy of this script carries a full-privilege credential. The same two strings are reused as the
# SNMP authentication/encryption passwords in the /snmp community section of this file.
# Inject the password at provisioning time from a secret store and rotate any value that has
# been published.
system identity set name=53833-HPQZ797

user add name=telmexuser password=Telmex_Col group=full


# The built-in admin account is disabled after the replacement account has been created.
user disable admin
/
# Layer-2 layout: one LAN bridge, ether1 renamed as the WAN uplink, ether2-ether5 renamed by role.
# NOTE(review): several commands in this listing are split across two lines without a trailing
# backslash (looks like page wrapping); rejoin them before importing the script.
/interface bridge add name=bridge_LAN
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-Gestion-Electrica
# poe-out=forced-on on ether3-ether5: power is applied to the access-point ports without PoE
# detection (RouterOS semantics — confirm the attached devices are rated for it).
set [ find default-name=ether3 ] name=ether3-AP-Indoor poe-out=forced-on
set [ find default-name=ether4 ] name=ether4-AP-Outdoor1 poe-out=forced-on
set [ find default-name=ether5 ] name=ether5-AP-Outdoor2 poe-out=forced-on
# Three VLAN interfaces on the bridge: 1 (management), 30 (indoor APs), 40 (outdoor APs).
/interface vlan
add interface=bridge_LAN name=vlan-1-Gestion vlan-id=1
add interface=bridge_LAN name=vlan-30-AP-Indoor vlan-id=30
add interface=bridge_LAN name=vlan-40-AP-Outdoor vlan-id=40
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# DHCP option 43 carrying the four bytes 0xc0a80a01 (192.168.10.1). No dhcp-server or
# dhcp-server network entry in this listing references option43.
/ip dhcp-server option
add code=43 name=option43 value=0xc0a80a01
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# IKE phase-1 profiles, the single peer VPN-BOGOTA, and the phase-2 proposal it uses.
# NOTE(review): dh-group=modp1024 (1024-bit MODP) is below current recommendations for IKE;
# modp2048 or an ECP group is the usual replacement and must be changed on both peers together.
# dpd-interval=disable-dpd turns dead-peer detection off; the check_ipsec scheduler in this file
# pings an address inside an IPsec policy destination range instead.
/ip ipsec profile
set [ find default=yes ] dh-group=modp1024 dpd-interval=disable-dpd enc-
algorithm=aes-128 hash-algorithm=sha256
# NOTE(review): "enc-algorithm aes-128,camellia-128" below has no "=" as printed — probably lost
# in extraction; confirm against the original export. vpn-profile2 sets no hash-algorithm, so the
# RouterOS default applies (presumably sha1 — verify on the target version).
add dh-group=modp1024 dpd-interval=disable-dpd enc-algorithm aes-128,camellia-128
lifetime=8h name=vpn-profile2
# The peer is pinned to a single remote address (/32) and a fixed local address.
/ip ipsec peer
add address=192.168.205.2/32 local-address=10.80.6.10 name=VPN-BOGOTA profile=vpn-
profile2
# NOTE(review): pfs-group=none — phase-2 keys are derived without a fresh DH exchange, so they
# depend entirely on the phase-1 exchange above. No auth-algorithms is given here, so the
# RouterOS default applies — confirm which one on the target version.
/ip ipsec proposal
add enc-algorithms=aes-128-cbc,aes-128-ctr,aes-128-gcm,camellia-128 lifetime=8h
name=proposal1 pfs-group=none
/
# Address pools and DHCP servers for the two access-point VLANs (indoor on VLAN 30, outdoor on
# VLAN 40). No DHCP server is bound to bridge_LAN or vlan-1-Gestion in this listing.
/ip pool add name=Indoor_AP_E410 ranges=10.14.31.11-10.14.31.111
/ip pool add name=OutDoor_AP_E510 ranges=10.114.31.11-10.114.31.211
/ip dhcp-server
add address-pool=Indoor_AP_E410 disabled=no interface=vlan-30-AP-Indoor name=dhcp1
add address-pool=OutDoor_AP_E510 disabled=no interface=vlan-40-AP-Outdoor
name=dhcp2
# Traffic shaping. Two PCQ queue types (per-source for upload, per-destination for download) and
# a queue tree keyed on the packet marks set in /ip firewall mangle.
/queue type
add kind=pcq name=PCQ_UPLOAD pcq-classifier=src-address
add kind=pcq name=PCQ_DOWNLOAD pcq-classifier=dst-address
# Root queues: Download capped at 22384k, Upload at 9436k, both attached to parent=global.
/queue tree
add max-limit=22384k name=Download parent=global queue=pcq-download-default
add max-limit=9436k name=Upload parent=global queue=pcq-upload-default
add name=Streaming_D packet-mark=streaming parent=Download priority=5
add name=Streaming_U packet-mark=streaming parent=Upload priority=5
add name=Download_D packet-mark=descargas parent=Download
add name=Download_U packet-mark=descargas parent=Upload
add max-limit=17264k name=Gov_Edu_D packet-mark=gov_edu parent=Download priority=2
# NOTE(review): the two SpeedTest queues request limit-at/max-limit of 50M and 25M, which is
# more than their parents' max-limit (22384k / 9436k) — confirm this is intended.
add limit-at=50M max-limit=50M name=SpeedTest_Entrada packet-mark=SpeedTest_ENTRADA
parent=Download priority=1 queue=pcq-download-default
add limit-at=25M max-limit=25M name=SpeedTest_Salida packet-mark=SpeedTest_SALIDA
parent=Upload priority=1
# Indoor/outdoor client traffic uses the custom PCQ types defined above, at priority 3.
add limit-at=10358k max-limit=17264k name=Indoor_ENTRADA packet-mark=indoor_ENTRADA
parent=Download priority=3 queue=PCQ_DOWNLOAD
add limit-at=2589k max-limit=4316k name=Indoor_SALIDA packet-mark=indoor_SALIDA
parent=Upload priority=3 queue=PCQ_UPLOAD
add limit-at=6905k max-limit=17264k name=Outdoor_ENTRADA packet-
mark=outdoor_ENTRADA parent=Download priority=3 queue=PCQ_DOWNLOAD
add limit-at=1726k max-limit=4316k name=Outdoor_SALIDA packet-mark=outdoor_SALIDA
parent=Upload priority=3 queue=PCQ_UPLOAD
# Catch-all queues for packets marked Trafico_Sin_Marca, at the lowest priority used here (6).
add name=Otro_Trafico_BAJADA packet-mark=Trafico_Sin_Marca parent=Download
priority=6
add name=Otro_Trafico_SUBIDA packet-mark=Trafico_Sin_Marca parent=Upload priority=6
add max-limit=4316k name=Gov_edu packet-mark=gov_edu parent=Upload priority=2
# SNMP communities.
# NOTE(review): the default community is given write-access=yes and no security= value, so the
# two passwords on it are presumably not enforced (RouterOS default is security=none — verify).
# Write access over SNMP is rarely needed; drop it unless a management system depends on it.
# NOTE(review): both communities reuse the local account's user name and password as the SNMP
# authentication and encryption passwords, so one disclosure exposes login and SNMP together.
/snmp community
set [ find default=yes ] addresses=172.16.0.0/24 authentication-password=telmexuser
encryption-password=Telmex_Col write-access=yes
# MINTIC_CPE is restricted to nine /32 management hosts. security=authorized requires
# authentication only; the encryption-password set here takes effect only with security=private.
# The address list below is broken mid-number by page wrapping and must be rejoined.
add
addresses=100.123.26.218/32,100.123.26.219/32,100.123.26.220/32,100.123.26.221/32,1
00.123.26.222/32,100.123.26.223/32,100.123.26.207/32,100.123.26.225/32,100.123.26.2
26/32 \
authentication-password=telmexuser encryption-password=Telmex_Col name=MINTIC_CPE
security=authorized
# ether2-ether5 join bridge_LAN; ether1-WAN stays outside the bridge.
/interface bridge port
add bridge=bridge_LAN interface=ether2-Gestion-Electrica
add bridge=bridge_LAN interface=ether3-AP-Indoor
add bridge=bridge_LAN interface=ether4-AP-Outdoor1
add bridge=bridge_LAN interface=ether5-AP-Outdoor2
# Layer-3 addressing: a /29 on the WAN, a /29 management subnet on the bridge itself, and a /24
# gateway address on each AP VLAN. vlan-1-Gestion receives no address in this listing.
/ip address
add address=10.80.6.10 netmask=255.255.255.248 interface=ether1-WAN
network=10.80.6.8
add address=172.25.236.233 netmask=255.255.255.248 interface=bridge_LAN
network=172.25.236.232
add address=10.14.31.1 netmask=255.255.255.0 interface=vlan-30-AP-Indoor
network=10.14.31.0
add address=10.114.31.1 netmask=255.255.255.0 interface=vlan-40-AP-Outdoor
network=10.114.31.0
# DHCP network parameters. The AP VLANs are handed the router itself as first resolver and
# 8.8.8.8 as second; the management /29 is handed two other resolvers.
/ip dhcp-server network
add address=172.25.236.232/29 dns-server=200.26.137.100,200.14.207.210
gateway=172.25.236.233
add address=10.14.31.0/24 dns-server=10.14.31.1,8.8.8.8 gateway=10.14.31.1
add address=10.114.31.0/24 dns-server=10.114.31.1,8.8.8.8 gateway=10.114.31.1
# NOTE(review): this listing contains address-list, mangle and NAT rules only. No
# /ip firewall filter section is present, so nothing shown here restricts access to the router
# itself (input chain) or between the VLANs (forward chain). Add an input policy that admits
# management services only from the management sources and drops the rest.
# Static list of speed-test servers used by the mangle and QoS rules.
/ip firewall address-list
add address=172.28.103.2 list=speed_test_server
add address=172.28.103.6 list=speed_test_server
add address=172.25.133.10 list=speed_test_server
add address=181.49.90.144 list=speed_test_server
add address=181.49.90.145 list=speed_test_server
add address=181.49.90.146 list=speed_test_server
# The first rule records the source of any forwarded packet from a speed_test_server address to
# the management /29 in the dynamic list "speedtest". The test_detect scheduler polls that list
# and disables both AP VLANs while a test runs.
# NOTE(review): the match is on source address alone (no in-interface), so the trigger is only
# as trustworthy as the anti-spoofing applied upstream of ether1-WAN — TODO confirm.
/ip firewall mangle
add action=add-src-to-address-list address-list=speedtest address-list-
timeout=none-dynamic chain=forward comment="Reportar Speedtest" dst-address=\
172.25.236.232/29 src-address-list=speed_test_server
# Speed-test traffic to and from the management /29 gets its own packet marks.
add action=mark-packet chain=forward dst-address=172.25.236.232/29 new-packet-
mark=SpeedTest_ENTRADA passthrough=no src-address-list=\
speed_test_server
add action=mark-packet chain=forward dst-address-list=speed_test_server new-packet-
mark=SpeedTest_SALIDA passthrough=no src-address=\
172.25.236.232/29
# Per-VLAN marks for indoor and outdoor client subnets, by direction. The empty
# dst-address-list="" matchers are kept exactly as exported.
add action=mark-packet chain=forward dst-address=10.14.31.0/24 dst-address-list=""
new-packet-mark=indoor_ENTRADA passthrough=no
add action=mark-packet chain=forward dst-address-list="" new-packet-
mark=indoor_SALIDA passthrough=no src-address=10.14.31.0/24
add action=mark-packet chain=forward dst-address=10.114.31.0/24 dst-address-list=""
new-packet-mark=outdoor_ENTRADA passthrough=no
add action=mark-packet chain=forward dst-address-list="" new-packet-
mark=outdoor_SALIDA passthrough=no src-address=10.114.31.0/24
# Outbound speed-test traffic from the management /29 is re-marked to DSCP 26.
add action=change-dscp chain=postrouting comment="SpeedTest Salida" dst-address-
list=speed_test_server new-dscp=26 passthrough=yes src-address=\
172.25.236.232/29
# DSCP-based classes. These come after passthrough=no rules above, so packets already marked by
# subnet never reach them.
add action=mark-packet chain=forward comment="AF21 DSCP18 Gov y Edu" dscp=18 new-
packet-mark=gov_edu passthrough=no
add action=mark-packet chain=forward comment="AF11 DSCP10 VideoStreaming Streaming"
dscp=10 new-packet-mark=streaming passthrough=no
add action=mark-packet chain=forward comment="AF13 DSCP14 Descargas Downloads"
dscp=14 new-packet-mark=descargas passthrough=no
# Catch-all: no rule in this listing sets a connection mark, so connection-mark=no-mark matches
# every packet that reaches this point.
add action=mark-packet chain=forward comment="TRAFICO SIN MARCAR" connection-
mark=no-mark new-packet-mark=Trafico_Sin_Marca passthrough=no
# Two helper scripts that take the AP VLANs down while a speed test runs and bring them back.
# NOTE(review): both scripts are granted the full policy set (including password, sensitive,
# sniff and romon) although their bodies only toggle VLAN interfaces and schedulers, edit an
# address list and manage script jobs. Trim the policy to what those commands need
# (presumably read, write, policy, test — confirm on the target version).
/system script
# disable_vlans: stops the test_detect scheduler, disables both AP VLANs, waits 45 s, then runs
# enable_vlans.
add dont-require-permissions=no name=disable_vlans owner=telmexuser policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="syst\
em scheduler disable test_detect\r\
\n/interface vlan disable vlan-30-AP-Indoor\r\
\n/interface vlan disable vlan-40-AP-Outdoor\r\
\ndelay 45s\r\
\nsystem script run enable_vlans"
# enable_vlans: re-enables both AP VLANs and the test_detect scheduler, clears the "speedtest"
# address list, then removes every running script job owned by telmexuser.
add dont-require-permissions=no name=enable_vlans owner=telmexuser policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/int\
erface vlan enable vlan-30-AP-Indoor\r\
\n/interface vlan enable vlan-40-AP-Outdoor\r\
\nsystem scheduler enable test_detect\r\
\nip firewall address-list remove [/ip firewall address-list find list=\"spee\
dtest\"]\r\
\nsystem script job remove [find owner=telmexuser]\r\
\n"
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries, and this listing
# has no /ip firewall filter rule limiting who may send them. Restrict UDP/TCP 53 on the input
# chain to the LAN-side interfaces so the resolver is not reachable from ether1-WAN.
# NOTE(review): servers=10.80.6.10 is this router's own ether1-WAN address (see /ip address), so
# the first upstream resolver looks like it points back at the router — confirm.
/ip dns
set allow-remote-requests=yes servers=10.80.6.10,8.8.8.8
# Source NAT. Rules are evaluated in order; destination-specific masquerades come first.
/ip firewall nat
add action=masquerade chain=srcnat comment="SERVIDORES SPEEDTEST" dst-
address=181.49.90.144/30 out-interface=ether1-WAN src-address=172.25.236.232/29
add action=masquerade chain=srcnat comment="NAT CN MAESTRO" dst-
address=186.80.47.179 out-interface=ether1-WAN src-address=172.25.236.232/29
add action=masquerade chain=srcnat comment="NAT CN MAESTRO" dst-
address=186.80.47.178 out-interface=ether1-WAN src-address=172.25.236.232/29
# The accept rule exempts management traffic to 100.123.26.0/23 from NAT, which keeps its source
# inside the 172.25.236.232/29 selector of the IPsec policy for that range.
# NOTE(review): the other two IPsec policy destinations in this file (10.161.91.12/30 and
# 172.25.65.128/29) have no matching accept rule and would reach the masquerade that follows;
# verify that traffic to them still matches its policy and is not sent outside the tunnel.
add action=accept chain=srcnat comment="Acepto RED GESTION" dst-
address=100.123.26.0/23 src-address=172.25.236.232/29
add action=masquerade chain=srcnat comment="Acepto RED GESTION" out-
interface=ether1-WAN src-address=172.25.236.232/29
# The indoor/outdoor masquerade rules carry no out-interface, so they apply on any egress
# interface, including traffic routed between the internal subnets.
add action=masquerade chain=srcnat comment="Acepto RED INDOOR" src-
address=10.14.31.0/24
add action=masquerade chain=srcnat comment="Acepto RED OUTDOOR" src-
address=10.114.31.0/24
# These two rules are placed after the general management-subnet masquerade above, which
# already matches the same source and out-interface.
add action=masquerade chain=srcnat comment=OHMIFY1 dst-address=52.8.185.87 out-
interface=ether1-WAN src-address=172.25.236.232/29
add action=masquerade chain=srcnat comment=OHMIFY2 dst-address=40.71.83.165 out-
interface=ether1-WAN src-address=172.25.236.232/29
# NOTE(review): the pre-shared key below is the same string as the device identity and the SNMP
# location set elsewhere in this file, so the key can be derived from the device name. Use a
# random per-site secret (or certificates) and keep it out of the provisioning script.
/ip ipsec identity
add my-id=address:9.9.9.201 peer=VPN-BOGOTA secret=53833-HPQZ797
# Policies: traffic inside the management /29 bypasses IPsec (action=none); traffic from the /29
# to three remote ranges is tunnelled with ESP to 192.168.205.2 using proposal1. level=unique
# gives each policy its own security association.
/ip ipsec policy
add action=none dst-address=172.25.236.232/29 src-address=172.25.236.232/29
add dst-address=100.123.26.0/23 ipsec-protocols=esp level=unique peer=VPN-BOGOTA
proposal=proposal1 sa-dst-address=192.168.205.2 src-address=172.25.236.232/29
tunnel=yes
add dst-address=10.161.91.12/30 ipsec-protocols=esp level=unique peer=VPN-BOGOTA
proposal=proposal1 sa-dst-address=192.168.205.2 src-address=172.25.236.232/29
tunnel=yes
add dst-address=172.25.65.128/29 ipsec-protocols=esp level=unique peer=VPN-BOGOTA
proposal=proposal1 sa-dst-address=192.168.205.2 src-address=172.25.236.232/29
tunnel=yes
# Default route through the WAN gateway.
/ip route add gateway=10.80.6.9
# NOTE(review): telnet is the only service disabled here. The other management services (ftp,
# www, ssh, api, winbox under RouterOS defaults — confirm) are left as they are, and this
# listing has no input-chain filter. Disable the unused ones and set an allowed source range
# (address=) on each one that stays enabled.
/ip service
set telnet disabled=yes
# SNMP is enabled and sends v3 traps with the MINTIC_CPE community, sourced from the bridge
# address.
/snmp
set enabled=yes location=53833-HPQZ797 src-address=172.25.236.233 trap-
community=MINTIC_CPE trap-version=3
/system clock
set time-zone-name=America/Bogota
# Second identity assignment; it replaces the name set on the first line of the script.
/system identity
set name=Col_53833-HPQZ797
# System note: an ASCII-art logo followed by an access-warning banner in Spanish and English
# stating that the resource is private, that access attempts are recorded and that misuse may
# have legal consequences. The string is runtime text and is kept exactly as exported.
/system note set note="\
\n ###\
\n ### ###\
\n #### ### ### ###\
\n ########## ### ###\
\n #### #### ### ####### ###### ########\
\n #### ### ##### ### ###### ############\
\n ### ### ### ### #### #### ####\
\n #### ### ######## ### ### ### ####\
\n #### #### ### ### ### ### #### ####\
\n ########## ### ######### ### ############\
\n #### ### #### ## ### ########\
\n _______________________________________________________\
\n | Usted esta a punto de utilizar un recurso informatico |\
\n | de uso privado, cualquier intento de acceso quedara |\
\n | registrado y puede tener implicaciones legales. |\
\n | script Ver 1.3 |\
\n |_______________________________________________________|\
\n | You are on the verge of using private resources, any |\
\n | attempt of access will be recorded and can have |\
\n | legal implications. |\
\n | script Ver 1.3 |\
\n |_______________________________________________________|\
\n**************************************************************\
\n* ATENCION: *\
\n* Este equipo es propiedad de: *\
\n* CLARO COLOMBIA - SOLUCIONES F1JAS *\
\n* El uso no autorizado esta estrictamente prohibido. *\
\n* Todos los usuarios son legalmente responsables de sus *\
\n* acciones sobre el sistema y toda actividad sera registrada *\
\n**************************************************************\
\n"
# Time synchronisation against two internal NTP servers.
# NOTE(review): server-dns-names is given an IP address (200.26.137.100) rather than a host
# name — confirm this is what the target RouterOS version expects.
/system ntp client set enabled=yes primary-ntp=172.31.239.199 secondary-
ntp=172.31.215.134 server-dns-names=200.26.137.100
# Package updates follow the long-term release channel.
/system package update
set channel=long-term
# Scheduled jobs.
# NOTE(review): every job below runs with the full policy set (including password, sensitive,
# sniff and romon) although the bodies only touch interfaces, schedulers, address lists, ping
# and IPsec peers. Reduce each policy to what its commands require.
/system scheduler
# test_detect: every second, if the "speedtest" address list has entries, clear it and run
# disable_vlans. It takes both AP VLANs down for the 45 s delay coded in that script.
add interval=1s name=test_detect on-event=":foreach listItem in=[/ip firewall add\
ress-list find list=speedtest] do={\r\
\nip firewall address-list remove [/ip firewall address-list find list=\"spee\
dtest\"]\r\
\nsystem script run disable_vlans\r\
\n}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
# iniciar_interface: at startup, make sure both AP VLANs and test_detect are enabled, which
# recovers from a reboot that happened while they were disabled.
add name=iniciar_interface on-event="/interface vlan enable vlan-30-AP-Indoor\r\
\n/interface vlan enable vlan-40-AP-Outdoor\r\
\nsystem scheduler enable test_detect" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=\
startup
# check_ipsec: every minute, ping 100.123.26.224 ten times; when no reply comes back, kill the
# active IPsec connections and hand over to check_ipsec_status. This stands in for the
# dead-peer detection that the IPsec profiles disable.
# The on-event string is broken across lines without a backslash as printed (page wrapping).
add interval=1m name=check_ipsec on-event=":if ([/ping interface=bridge_LAN
100.123.26.224 count=10\
] = 0) do={\
\n ip ipsec active-peers kill-connections\
\n\r\
\n/system scheduler enable check_ipsec_status\r\
\n/system scheduler disable check_ipsec\r\
\n}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon
# check_ipsec_status: created disabled; once enabled it polls every 5 s until a peer is in state
# "established", then re-enables check_ipsec and disables itself.
add disabled=yes interval=5s name=check_ipsec_status on-event="if ([/ip ipsec
active-peers find where state=\"established\"]) do={/system scheduler enable
check_ipsec\r\
\n/system scheduler disable check_ipsec_status\r\
\n}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon
start-time=startup
/
