# feb/19/2019 11:59:31 by RouterOS 6.39.1
# software id = 4EMC-GD1H
#
/interface bridge
add name=bridge-guest
add fast-forward=no name=bridge1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=5.G \
supplicant-identity="" wpa-pre-shared-key="******************" \
wpa2-pre-shared-key=*******************
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed name=profile_guest supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-onlyn country=italy disabled=no \
distance=indoors frequency=5200 frequency-mode=superchannel \
max-station-count=30 mode=ap-bridge radio-name="TERMINALE B2" rx-chains=\
0,1 security-profile=5.G ssid=MARTARELLO_5G tx-chains=0,1 \
wds-default-bridge=bridge1 wds-ignore-ssid=yes wds-mode=dynamic wps-mode=\
disabled
add default-forwarding=no disabled=no keepalive-frames=disabled mac-address=\
E6:8D:8C:0D:2F:03 master-interface=wlan1 multicast-buffering=disabled \
name=guest-wifi security-profile=profile_guest ssid=MARTARELLO_OSPITE \
wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp_pool0 ranges=10.10.10.2-10.10.10.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge-guest lease-time=2h \
name=dhcp1
/queue simple
add name=Global target=192.168.0.0/24,192.168.88.0/24,10.10.10.0/24
/queue type
add kind=pcq name=pcq-download-guest pcq-classifier=dst-address pcq-rate=4M
add kind=pcq name=pcq-upload-guest pcq-classifier=src-address pcq-rate=400k
/queue simple
add name="guest users" parent=Global queue=\
pcq-upload-guest/pcq-download-guest target=10.10.10.0/24
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
add bridge=bridge-guest interface=guest-wifi
/interface l2tp-server server
set caller-id-type=ip-address
/ip address
add address=192.168.88.11/24 interface=ether1 network=192.168.88.0
add address=192.168.0.150/24 interface=ether1 network=192.168.0.0
add address=10.10.10.1/24 interface=bridge-guest network=10.10.10.0
/ip dhcp-server network
add address=10.10.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.10.10.1
/ip dns
set servers=192.168.0.5,192.168.0.15
/ip firewall address-list
add address=10.10.10.2-10.10.10.254 list="guest users"
/ip firewall filter
add action=drop chain=input comment="block guest users to local ports" \
dst-address=10.10.10.1 dst-port=80,21,22,23,8291 protocol=tcp \
src-address-list="guest users"
add action=drop chain=input comment="block guests users to aln" dst-address=\
192.168.0.0/24 src-address-list="guest users"
add action=drop chain=input comment="block guests users to aln" dst-address=\
192.168.88.0/24 src-address-list="guest users"
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.0.150 to-addresses=\
10.10.10.0/24
add action=src-nat chain=srcnat src-address=10.10.10.0/24 to-addresses=\
192.168.0.150
/ip route
add distance=1 gateway=192.168.0.254
/system clock
set time-zone-name=Europe/Rome
/system identity
set name="TERMINALE B2"
/system leds
set 0 interface=wlan1
# feb/19/2019 12:02:19 by RouterOS 6.39.1
# software id = UH59-35YN
#
/interface bridge
add name=bridge-guest
add fast-forward=no name=bridge1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name="5 G" \
supplicant-identity="" wpa-pre-shared-key="******************" \
wpa2-pre-shared-key=***********************
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed name=profile-guest supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] country=italy disabled=no frequency=5260 \
frequency-mode=superchannel max-station-count=30 mode=ap-bridge \
radio-name="TERMINALE B1" rx-chains=0,1 security-profile="5 G" ssid=\
MARTARELLO_5G tx-chains=0,1 wds-default-bridge=bridge1 wds-ignore-ssid=\
yes wds-mode=dynamic wps-mode=disabled
add default-forwarding=no disabled=no keepalive-frames=disabled mac-address=\
E6:8D:8C:0B:F0:36 master-interface=wlan1 multicast-buffering=disabled \
name=guest-wifi security-profile=profile-guest ssid=MARTARELLO_OSPITE \
wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp_pool0 ranges=10.10.10.2-10.10.10.254
add name=dhcp_pool1 ranges=192.168.11.2-192.168.11.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge-guest lease-time=2h \
name=dhcp1
add address-pool=dhcp_pool1 disabled=no lease-time=2h name=dhcp2
/queue simple
add name=Global target=192.168.88.0/24,10.10.10.0/24
/queue type
add kind=pcq name=pcq-download-guest pcq-classifier=dst-address pcq-rate=4M
add kind=pcq name=pcq-upload-guest pcq-classifier=src-address pcq-rate=400k
/queue simple
add name=guest parent=Global queue=pcq-upload-guest/pcq-download-guest \
target=10.10.10.0/24
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
add bridge=bridge-guest interface=guest-wifi
/interface l2tp-server server
set caller-id-type=ip-address
/ip address
add address=192.168.88.3/24 interface=ether1 network=192.168.88.0
add address=10.10.10.1/24 interface=bridge-guest network=10.10.10.0
/ip dhcp-server network
add address=10.10.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.10.10.1
add address=192.168.11.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.11.1
/ip firewall address-list
add address=10.10.10.2-10.10.10.254 list="guest users"
/ip firewall filter
add action=drop chain=input comment="block guest users to local ports" \
dst-address=10.10.10.1 dst-port=80,21,22,23,8291 protocol=tcp \
src-address-list="guest users"
add action=drop chain=input comment="block guests to lan" dst-address=\
192.168.88.0/24 src-address-list="guest users"
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.88.3 to-addresses=\
10.10.10.0/24
add action=src-nat chain=srcnat src-address=10.10.10.0/24 to-addresses=\
192.168.88.3
/system identity
set name="TERMINALE B1"
/system leds
set 0 interface=wlan1
Visitano il forum: Nessuno e 4 ospiti