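# oct/29/2020 19:34:58 by RouterOS 6.47.7
# software id = SZSH-LGYA
#
# model = RBD52G-5HacD2HnD
# serial number = BEEB0B80BB13
#
# Home/SOHO router export: ether1-wan is the uplink, ether2-5 and both radios
# are bridged into bridge-private, which carries the 192.168.1.0/24 DHCP scope.
# Review change in this revision: the input and forward chains were missing the
# default drop rules, so router services were reachable from ether1-wan.
# Other findings are flagged as NOTE(review) and left unchanged.
/interface bridge
add admin-mac=C4:AD:34:08:FC:70 auto-mac=no comment=defconf name=bridge-private
/interface ethernet
set [ find default-name=ether1 ] name=ether1-wan
set [ find default-name=ether2 ]
set [ find default-name=ether3 ]
set [ find default-name=ether4 ]
set [ find default-name=ether5 ]
/interface vlan
add interface=bridge-private name=vlan-private-10 vlan-id=10
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# NOTE(review): wpa-psk (WPA1) is still offered next to wpa2-psk. Restrict
# authentication-types to wpa2-psk once no legacy client depends on WPA1.
# No pre-shared key appears in this export; it may have been hidden on export
# or never set - confirm on the device.
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys \
    name=private-profile supplicant-identity=""
/interface wireless
# NOTE(review): wifi1 runs with country=no_country_set and
# frequency-mode=manual-txpower, so no regulatory domain is applied to the
# 2.4 GHz radio; wifi2 uses "czech republic". Align the two.
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=20/40mhz-XX comment="WiFi 2.4 GHz" \
    country=no_country_set disabled=no distance=indoors frequency=auto frequency-mode=manual-txpower \
    installation=indoor mode=ap-bridge name=wifi1 security-profile=private-profile ssid=wifi1 \
    station-roaming=enabled wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX comment="WiFi 5 Ghz" \
    country="czech republic" disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge \
    name=wifi2 security-profile=private-profile ssid=wifi2 station-roaming=enabled vlan-id=10 \
    wireless-protocol=802.11
/interface wireless manual-tx-power-table
set wifi1
set wifi2
/interface wireless nstreme
set wifi1
set wifi2
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-private lease-time=3d8h name=dhcp1
/interface bridge port
add bridge=bridge-private comment=defconf interface=ether2
add bridge=bridge-private comment=defconf interface=ether3
add bridge=bridge-private comment=defconf interface=ether4
add bridge=bridge-private comment=defconf interface=ether5
add bridge=bridge-private comment=defconf interface=wifi1
add bridge=bridge-private comment=defconf interface=wifi2
# NOTE(review): vlan-private-10 is a VLAN interface created on bridge-private
# and is added here as a port of that same bridge. This looks unintended and
# does not isolate VLAN 10 from the untagged LAN - confirm the design.
add bridge=bridge-private interface=vlan-private-10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge-private list=LAN
add comment=defconf interface=ether1-wan list=WAN
/ip address
# NOTE(review): 192.168.1.1/24 sits on ether2, which is a port of
# bridge-private, while the DHCP server listens on bridge-private. The LAN
# gateway address normally belongs on the bridge itself - verify.
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
add address=192.168.5.2/24 interface=ether1-wan network=192.168.5.0
/ip dhcp-client
# NOTE(review): ether1-wan has both the static 192.168.5.2/24 above and this
# DHCP client entry; presumably only one is intended - confirm.
add comment=defconf interface=ether1-wan
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8 gateway=192.168.1.1
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. The input-chain drop for non-LAN interfaces below is what keeps it
# from answering on ether1-wan. DHCP hands clients 8.8.8.8 directly, so this
# setting may not be needed at all - confirm before leaving it enabled.
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" \
    connection-state=established,related,untracked
# Added in review: packets with invalid connection state were not dropped.
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# Added in review: the input chain had no terminating drop, so every router
# service (DNS resolver, management) was reachable from ether1-wan. If the
# router must be managed from the 192.168.5.0/24 side, add a narrow accept
# rule above this one rather than removing it.
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" \
    connection-state=established,related,untracked
# Added in review: invalid-state packets were forwarded unless they matched
# the WAN rule below.
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment=MASQ out-interface=ether1-wan
/ip route
add distance=1 gateway=192.168.5.1
/ip route rule
add action=lookup-only-in-table dst-address=192.168.1.0/24 table=main
# MAC-level management (MAC-Telnet, MAC-WinBox) is limited to the LAN list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN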