# model: CRS317-1G-16S+ # serial-number: HFB09D12MHQ # firmware-type: dx3230L # current-firmware: 7.16.2 # installed-version: 7.18.2 # Flags: U - UNDOABLE # Columns: ACTION, BY, POLICY, TIME # ACTION BY POLICY TIME # U item changed daniel write 2025-09-30 14:09:51 # U item removed daniel write 2025-09-30 14:09:49 # U device changed daniel write 2025-08-28 09:38:56 # U device changed daniel write 2025-08-28 09:38:56 # U device changed daniel write 2025-08-27 20:24:55 # U device changed daniel write 2025-08-27 20:24:55 # U device changed daniel write 2025-08-27 20:24:43 # U device changed daniel write 2025-08-27 20:24:43 # U device changed daniel write 2025-08-27 20:24:43 # U device changed daniel write 2025-08-27 20:24:43 # U device changed daniel write 2025-08-27 20:24:43 # U device changed daniel write 2025-08-27 20:24:43 # U device changed daniel write 2025-08-27 20:24:42 # U device changed daniel write 2025-08-27 20:24:42 # U device changed daniel write 2025-08-27 20:24:41 # U device changed daniel write 2025-08-27 20:24:41 # U device changed daniel write 2025-08-27 20:24:41 # U device changed daniel write 2025-08-27 20:24:41 # U device changed daniel write 2025-08-27 20:24:41 # U device changed daniel write 2025-08-27 20:24:41 # U device changed daniel write 2025-08-27 20:24:41 # U device changed daniel write 2025-08-27 20:24:40 # U device changed daniel write 2025-08-27 20:24:40 # U ovpn server added read 2025-05-04 13:12:16 # # software id = 6GRC-RTHD # # model = CRS317-1G-16S+ # serial number = HFB09D12MHQ /interface bridge add admin-mac=78:9A:18:A5:DB:04 auto-mac=no name=bridge port-cost-mode=short vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus1 ] comment="DF #1 From 530C" l2mtu=9200 mtu=9000 name=sfp-sfpplus1-530Colins set [ find default-name=sfp-sfpplus2 ] comment="DF #2 From 530C" l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus3 ] comment="DF #1 To 100Q" l2mtu=9200 mtu=9000 name=sfp-sfpplus3-100Queen set [ find default-name=sfp-sfpplus4 ] comment="DF #2 To 100Q" l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus5 ] comment=Router l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus6 ] comment=SW1 l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus7 ] comment=SW2 l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus8 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus9 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus10 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus11 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus12 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus13 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus14 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus15 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus16 ] l2mtu=9200 mtu=9000 /interface vlan add interface=bridge name=BR.VL5 vlan-id=5 add interface=bridge name=VL3000 vlan-id=3000 /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip smb users set [ find default=yes ] disabled=yes /port set 0 name=serial0 /snmp community set [ find default=yes ] name=CFNCOM /system logging action add name=Syslog remote=172.16.0.250 src-address=172.16.2.2 target=remote /interface bridge port add bridge=bridge edge=no interface=sfp-sfpplus1-530Colins internal-path-cost=10 path-cost=10 add bridge=bridge disabled=yes interface=sfp-sfpplus2 internal-path-cost=10 path-cost=10 add bridge=bridge edge=no interface=sfp-sfpplus3-100Queen internal-path-cost=10 path-cost=10 add bridge=bridge disabled=yes interface=sfp-sfpplus4 internal-path-cost=10 path-cost=10 add bridge=bridge interface=sfp-sfpplus5 internal-path-cost=10 path-cost=10 add bridge=bridge interface=sfp-sfpplus6 internal-path-cost=10 path-cost=10 add bridge=bridge interface=sfp-sfpplus7 internal-path-cost=10 path-cost=10 add bridge=bridge interface=ether1 internal-path-cost=10 path-cost=10 pvid=5 /ip firewall connection tracking set udp-timeout=10s /ip neighbor discovery-settings set discover-interface-list=!dynamic /ip settings set max-neighbor-entries=8192 /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 soft-max-neighbor-entries=8191 /interface bridge vlan add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,ether1 vlan-ids=100 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,ether1 vlan-ids=20 # sfp-sfpplus2 not a bridge port add bridge=bridge tagged="bridge,sfp-sfpplus1-530Colins,sfp-sfpplus2,sfp-sfpplus5,sfp-sfpplus6,ether1" vlan-ids=3001 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,ether1 vlan-ids=214 # sfp-sfpplus2,sfp-sfpplus4 not a bridge port add bridge=bridge tagged="bridge,sfp-sfpplus1-530Colins,sfp-sfpplus2,sfp-sfpplus3-100Queen,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,ether1" vlan-ids=3000 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,ether1 vlan-ids=21 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,ether1 vlan-ids=99 # sfp-sfpplus2,sfp-sfpplus4 not a bridge port add bridge=bridge tagged="bridge,sfp-sfpplus1-530Colins,sfp-sfpplus2,sfp-sfpplus3-100Queen,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7" untagged=ether1 vlan-ids=5 # sfp-sfpplus2 not a bridge port add bridge=bridge tagged="bridge,sfp-sfpplus1-530Colins,sfp-sfpplus2,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,ether1" vlan-ids=10 # sfp-sfpplus2,sfp-sfpplus4 not a bridge port add bridge=bridge tagged="bridge,sfp-sfpplus1-530Colins,sfp-sfpplus2,sfp-sfpplus3-100Queen,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,ether1" vlan-ids=6 # sfp-sfpplus2,sfp-sfpplus4 not a bridge port add bridge=bridge tagged="bridge,sfp-sfpplus1-530Colins,sfp-sfpplus2,sfp-sfpplus3-100Queen,sfp-sfpplus4,sfp-sfpplus6" vlan-ids=3324 # sfp-sfpplus2,sfp-sfpplus4 not a bridge port add bridge=bridge tagged="bridge,sfp-sfpplus1-530Colins,sfp-sfpplus2,sfp-sfpplus3-100Queen,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6" vlan-ids=300 /interface ovpn-server server add auth=sha1,md5 mac-address=FE:A7:38:9C:DF:3A name=ovpn-server1 /ip address add address=172.16.2.2/16 interface=BR.VL5 network=172.16.0.0 /ip dhcp-client # DHCP client can not run on slave or passthrough interface! add interface=ether1 /ip dns set servers=1.1.1.1 /ip hotspot profile set [ find default=yes ] html-directory=hotspot /ip ipsec profile set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 /ip route add disabled=no dst-address=0.0.0.0/0 gateway=172.16.0.1 routing-table=main suppress-hw-offload=no add disabled=no distance=1 dst-address=192.168.255.0/24 gateway=172.16.0.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=172.16.0.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set api disabled=yes set api-ssl disabled=yes /ip smb shares set [ find default=yes ] directory=/flash/pub /radius add address=172.16.0.1 require-message-auth=no secret=CFNCOM service=login src-address=172.16.2.2 /routing bfd configuration add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5 /snmp set contact=noc@corefibre.com.au enabled=yes location=Melbourne,Australia trap-community=*1 trap-version=2 /system clock set time-zone-name=Australia/Sydney /system identity set name=SW0.8Ex.CFN.net.au /system logging add action=Syslog topics=critical add action=Syslog topics=error add action=Syslog topics=info add action=Syslog topics=warning /system note set show-at-login=no /system ntp client set enabled=yes /system ntp client servers add address=172.16.0.1 /system scheduler add name=reboot-at-10pm on-event=reboot-schedule policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-12-27 start-time=22:00:00 /system script add dont-require-permissions=no name=reboot-schedule owner=daniel policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/system reboot" /tool romon set enabled=yes id=78:9A:18:A5:DB:14 secrets=CFN /user aaa set use-radius=yes