# model: CRS309-1G-8S+ # serial-number: HD608B7CQ05 # firmware-type: dx3230L # current-firmware: 7.16.2 # installed-version: 7.18.2 # Flags: U - UNDOABLE # Columns: ACTION, BY, POLICY, TIME # ACTION BY POLICY TIME # U changed snmp settings daniel write 2025-09-28 23:15:08 # U item changed daniel write 2025-09-28 23:15:06 # U item removed daniel write 2025-09-28 23:15:03 # # software id = M9W2-JFW4 # # model = CRS309-1G-8S+ # serial number = HD608B7CQ05 /interface bridge add admin-mac=18:FD:74:B2:CD:7C auto-mac=no ingress-filtering=no name=bridge port-cost-mode=short protocol-mode=none vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus1 ] comment=Router l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus2 ] auto-negotiation=no comment=L26-T1-Link1 l2mtu=1596 loop-protect=on speed=1G-baseX set [ find default-name=sfp-sfpplus3 ] comment="L12 Customer Tenancy HA-1" l2mtu=1596 loop-protect=on set [ find default-name=sfp-sfpplus4 ] auto-negotiation=no comment=L18 l2mtu=1596 loop-protect=on speed=1G-baseX set [ find default-name=sfp-sfpplus5 ] comment=L18-T1 l2mtu=1596 loop-protect=off set [ find default-name=sfp-sfpplus6 ] auto-negotiation=no comment="Podium L4 T2" l2mtu=1596 loop-protect=off speed=1G-baseX set [ find default-name=sfp-sfpplus7 ] comment="L23-530C Customer Tenancy Network Handoff" l2mtu=1596 loop-protect=on set [ find default-name=sfp-sfpplus8 ] comment=L16 l2mtu=1596 loop-protect=on /interface vlan add interface=bridge name=BR.VL5 vlan-id=5 add interface=bridge name=BR.VL25 vlan-id=25 add interface=bridge name=BR.VL99 vlan-id=99 add interface=bridge name=BR.VL3001 vlan-id=3001 add interface=bridge name=VL3000 vlan-id=3000 /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip smb users set [ find default=yes ] disabled=yes /port set 0 name=serial0 /snmp community set [ find default=yes ] name=CFNCOM /system logging action add name=Syslog remote=172.16.0.250 src-address=172.16.1.3 target=remote /interface bridge port add bridge=bridge ingress-filtering=no interface=sfp-sfpplus2 internal-path-cost=10 multicast-router=disabled path-cost=10 pvid=3000 add bridge=bridge ingress-filtering=no interface=sfp-sfpplus1 internal-path-cost=10 multicast-router=disabled path-cost=10 add bridge=bridge ingress-filtering=no interface=sfp-sfpplus8 internal-path-cost=10 path-cost=10 pvid=16 add bridge=bridge ingress-filtering=no interface=sfp-sfpplus7 internal-path-cost=10 path-cost=10 pvid=23 add bridge=bridge ingress-filtering=no interface=sfp-sfpplus6 internal-path-cost=10 path-cost=10 pvid=3000 add bridge=bridge ingress-filtering=no interface=sfp-sfpplus5 internal-path-cost=10 path-cost=10 pvid=18 add bridge=bridge ingress-filtering=no interface=sfp-sfpplus3 internal-path-cost=10 path-cost=10 pvid=3000 add bridge=bridge ingress-filtering=no interface=sfp-sfpplus4 internal-path-cost=10 path-cost=10 pvid=3000 /ip firewall connection tracking set udp-timeout=10s /ip neighbor discovery-settings set discover-interface-list=!dynamic /ip settings set max-neighbor-entries=8192 /ipv6 settings set disable-ipv6=yes /interface bridge vlan add bridge=bridge tagged=sfp-sfpplus1 vlan-ids=10 add bridge=bridge tagged=bridge,sfp-sfpplus1 untagged=sfp-sfpplus8 vlan-ids=16 add bridge=bridge tagged=bridge,sfp-sfpplus1 untagged=sfp-sfpplus7 vlan-ids=23 add bridge=bridge tagged=bridge,sfp-sfpplus1,sfp-sfpplus2 untagged=sfp-sfpplus6 vlan-ids=25 add bridge=bridge tagged=bridge,sfp-sfpplus1 untagged=sfp-sfpplus5 vlan-ids=18 add bridge=bridge tagged=bridge,sfp-sfpplus1 untagged=sfp-sfpplus4,sfp-sfpplus3,sfp-sfpplus2,sfp-sfpplus6 vlan-ids=3000 add bridge=bridge tagged=bridge,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=99 add bridge=bridge tagged=bridge,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=26 add bridge=bridge tagged=bridge,sfp-sfpplus3,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=3001 add bridge=bridge tagged=bridge,sfp-sfpplus1,sfp-sfpplus2 vlan-ids=143 add bridge=bridge tagged=sfp-sfpplus1,sfp-sfpplus2 vlan-ids=144 add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=5 /interface ovpn-server server add auth=sha1,md5 mac-address=FE:8D:C1:41:A1:D2 name=ovpn-server1 /interface pppoe-server server add interface=sfp-sfpplus6 service-name=service1 /ip address add address=192.168.99.252/24 interface=BR.VL99 network=192.168.99.0 add address=172.16.1.3/16 interface=BR.VL5 network=172.16.0.0 /ip dns set servers=1.1.1.1,8.8.4.4 /ip ipsec profile set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.16.0.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add disabled=no distance=1 dst-address=192.168.255.0/24 gateway=172.16.0.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=172.16.0.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set api disabled=yes set api-ssl disabled=yes /ip smb shares set [ find default=yes ] directory=/flash/pub /radius add address=172.16.0.1 require-message-auth=no secret=CFNCOM service=login src-address=172.16.1.3 /radius incoming set accept=yes /routing bfd configuration add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5 /snmp set contact=noc@corefibre.com.au enabled=yes location=Melbourne,Australia trap-version=2 /system clock set time-zone-name=Australia/Sydney /system identity set name=SW1.530C.MEL.CFN.net.au /system logging add action=Syslog topics=info add action=Syslog topics=error add action=Syslog topics=warning add action=Syslog topics=critical /system note set show-at-login=no /system ntp client set enabled=yes /system ntp client servers add address=172.16.0.1 /system scheduler add name=reboot-at-10pm on-event=reboot-schedule policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-12-27 start-time=22:00:00 /system script add dont-require-permissions=no name=reboot-schedule owner=daniel policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/system reboot" /tool romon set enabled=yes id=18:FD:74:B2:CD:84 secrets=CFN /user aaa set use-radius=yes