#              model: CRS317-1G-16S+
#      serial-number: HD5080CXTAG   
#      firmware-type: dx3230L       
#   current-firmware: 7.16.2        
#   installed-version: 7.18.2
# Flags: U - UNDOABLE
# Columns: ACTION, BY, POLICY, TIME
#   ACTION        BY      POLICY  TIME               
# U item changed  daniel  write   2025-09-28 23:28:03
# U item removed  daniel  write   2025-09-28 23:28:01
# 
# software id = VT6G-U0M0
#
# model = CRS317-1G-16S+
# serial number = HD5080CXTAG
/interface bridge
add admin-mac=18:FD:74:AD:5C:F6 auto-mac=no ingress-filtering=no name=bridge port-cost-mode=short vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] l2mtu=9200 mtu=9000
set [ find default-name=sfp-sfpplus1 ] comment=ValveNetworks l2mtu=9200 mtu=9000
set [ find default-name=sfp-sfpplus2 ] comment="CFN M1" l2mtu=9200 mtu=9000 name=sfp-sfpplus2-CFN-MEL-CORE
set [ find default-name=sfp-sfpplus3 ] l2mtu=9200 mtu=9000
set [ find default-name=sfp-sfpplus4 ] comment="DF 8Ex" l2mtu=9200 loop-protect=on mtu=9000 name=sfp-sfpplus4-8Ex
set [ find default-name=sfp-sfpplus5 ] l2mtu=9200 mtu=9000
set [ find default-name=sfp-sfpplus6 ] comment=Router l2mtu=9200 mtu=9000
set [ find default-name=sfp-sfpplus7 ] comment=SW1 l2mtu=9200 loop-protect=on mtu=9000
set [ find default-name=sfp-sfpplus8 ] comment=SW2 l2mtu=9200 loop-protect=on mtu=9000
set [ find default-name=sfp-sfpplus9 ] comment=SW3 l2mtu=9200 mtu=9000
set [ find default-name=sfp-sfpplus10 ] comment=SW4 l2mtu=9200 mtu=9000
set [ find default-name=sfp-sfpplus11 ] l2mtu=9200 mtu=9000
set [ find default-name=sfp-sfpplus12 ] l2mtu=9200 mtu=9000
set [ find default-name=sfp-sfpplus13 ] l2mtu=9200 mtu=9000
set [ find default-name=sfp-sfpplus14 ] l2mtu=9200 mtu=9000
set [ find default-name=sfp-sfpplus15 ] l2mtu=9200 mtu=9000
set [ find default-name=sfp-sfpplus16 ] l2mtu=9200 mtu=9000
/interface vlan
add interface=bridge name=BR.VL5 vlan-id=5
add interface=bridge name=BR.VL10 vlan-id=10
add interface=bridge name=BR.VL30 vlan-id=30
add interface=bridge name=BR.VL99 vlan-id=99
add interface=bridge name=BR.VL3000 vlan-id=3000
add interface=BR.VL3000 name=BR.VL3000.VL530 vlan-id=530
add interface=bridge name=BR.VL3001 vlan-id=3001
add interface=bridge name=VL26 vlan-id=26
add interface=bridge name=VL300 vlan-id=300
add interface=bridge name=VL3324 vlan-id=3324
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=172.16.2.201-172.16.2.209
/ip dhcp-server
add address-pool=dhcp_pool0 interface=BR.VL5 name=dhcp1
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
/snmp community
set [ find default=yes ] name=CFNCOM
/system logging action
add name=Syslog remote=172.16.0.250 src-address=172.16.1.2 target=remote
/interface bridge port
add bridge=bridge ingress-filtering=no interface=sfp-sfpplus1 internal-path-cost=10 path-cost=10
add bridge=bridge edge=no ingress-filtering=no interface=sfp-sfpplus2-CFN-MEL-CORE internal-path-cost=10 path-cost=10
add bridge=bridge edge=no ingress-filtering=no interface=sfp-sfpplus4-8Ex internal-path-cost=10 path-cost=10
add bridge=bridge disabled=yes ingress-filtering=no interface=sfp-sfpplus5 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=sfp-sfpplus6 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=sfp-sfpplus7 internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=sfp-sfpplus8 internal-path-cost=10 path-cost=10
add bridge=bridge interface=sfp-sfpplus9 internal-path-cost=10 path-cost=10
add bridge=bridge interface=sfp-sfpplus10 internal-path-cost=10 path-cost=10
add bridge=bridge interface=sfp-sfpplus3 internal-path-cost=10 path-cost=10
add bridge=bridge interface=ether1 pvid=5
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192 soft-max-neighbor-entries=8191
/interface bridge vlan
# sfp-sfpplus5 not a bridge port
add bridge=bridge tagged="bridge,sfp-sfpplus1,sfp-sfpplus2-CFN-MEL-CORE,sfp-sfpplus3,sfp-sfpplus4-8Ex,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10" vlan-ids=3001
add bridge=bridge tagged=bridge,sfp-sfpplus6,sfp-sfpplus4-8Ex,sfp-sfpplus2-CFN-MEL-CORE vlan-ids=10
add bridge=bridge tagged=bridge,sfp-sfpplus6,sfp-sfpplus7 vlan-ids=16
add bridge=bridge tagged=bridge,sfp-sfpplus6,sfp-sfpplus7 vlan-ids=23
add bridge=bridge tagged=bridge,sfp-sfpplus6,sfp-sfpplus7 vlan-ids=25
add bridge=bridge tagged=bridge,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8 vlan-ids=18
add bridge=bridge tagged="bridge,sfp-sfpplus2-CFN-MEL-CORE,sfp-sfpplus4-8Ex,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10" vlan-ids=3000
add bridge=bridge tagged=bridge,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8 vlan-ids=99
add bridge=bridge tagged=bridge,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus10 vlan-ids=26
add bridge=bridge tagged=sfp-sfpplus6,sfp-sfpplus8 vlan-ids=143
add bridge=bridge tagged=sfp-sfpplus6,sfp-sfpplus8 vlan-ids=144
add bridge=bridge tagged=bridge,sfp-sfpplus2-CFN-MEL-CORE,sfp-sfpplus3,sfp-sfpplus4-8Ex vlan-ids=3207
add bridge=bridge tagged="bridge,sfp-sfpplus2-CFN-MEL-CORE,sfp-sfpplus4-8Ex,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10" untagged=ether1 vlan-ids=5
add bridge=bridge tagged=bridge,sfp-sfpplus2-CFN-MEL-CORE,sfp-sfpplus4-8Ex,sfp-sfpplus6 vlan-ids=6
add bridge=bridge tagged=bridge,sfp-sfpplus6,sfp-sfpplus9,sfp-sfpplus10 vlan-ids=11
add bridge=bridge tagged=bridge,sfp-sfpplus6,sfp-sfpplus10 vlan-ids=163
add bridge=bridge tagged=bridge,sfp-sfpplus2-CFN-MEL-CORE,sfp-sfpplus4-8Ex vlan-ids=3324
# sfp-sfpplus5 not a bridge port
add bridge=bridge tagged="bridge,sfp-sfpplus2-CFN-MEL-CORE,sfp-sfpplus3,sfp-sfpplus4-8Ex,sfp-sfpplus5,sfp-sfpplus6" vlan-ids=300
add bridge=bridge tagged="sfp-sfpplus1,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10" vlan-ids=3002
add bridge=bridge tagged=sfp-sfpplus6,sfp-sfpplus9 vlan-ids=141
add bridge=bridge tagged=sfp-sfpplus6,sfp-sfpplus9 vlan-ids=264
/interface ovpn-server server
add auth=sha1,md5 mac-address=FE:C8:EA:23:42:CB name=ovpn-server1
/ip address
add address=192.168.99.253/24 interface=BR.VL99 network=192.168.99.0
add address=172.16.1.2/16 interface=BR.VL5 network=172.16.0.0
add address=10.30.0.3/24 interface=VL300 network=10.30.0.0
add address=192.168.0.97/24 interface=ether1 network=192.168.0.0
/ip dhcp-server network
add address=172.16.0.0/16 gateway=172.16.0.1
/ip dns
set servers=1.1.1.1
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add dst-address=0.0.0.0/0 gateway=172.16.0.1
add disabled=no distance=1 dst-address=192.168.255.0/24 gateway=172.16.0.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=172.16.0.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no dst-address=192.168.103.0/24 gateway=172.16.0.1 routing-table=main suppress-hw-offload=no
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/flash/pub
/radius
add address=172.16.0.1 require-message-auth=no secret=CFNCOM service=login src-address=172.16.1.2
/radius incoming
set accept=yes
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/snmp
set contact=noc@corefibre.com.au enabled=yes location=Melbourne,Australia trap-community=*1 trap-version=2
/system clock
set time-zone-name=Australia/Sydney
/system identity
set name=SW0.530C.MEL.CFN.net.au
/system logging
add action=Syslog topics=info
add action=Syslog topics=warning
add action=Syslog topics=error
add action=Syslog topics=critical
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=172.16.0.1
/system scheduler
add name=reboot-at-10pm on-event=reboot-schedule policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-12-27 start-time=22:00:00
/system script
add dont-require-permissions=no name=reboot-schedule owner=daniel policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/system reboot"
/tool romon
set enabled=yes id=18:FD:74:AD:5D:05 secrets=CFN
/user aaa
set use-radius=yes