# model: CCR1009-7G-1C-1S+ # serial-number: HD008EB6VGW # firmware-type: tilegx # current-firmware: 7.19.4 # installed-version: 7.19.4 # Flags: U - UNDOABLE # Columns: ACTION, BY, POLICY, TIME # ACTION BY POLICY TIME # U address changed daniel write 2025-12-08 23:45:58 # U pool VL121 changed daniel write 2025-12-08 23:45:13 # U dhcp network changed daniel write 2025-12-08 23:44:44 # U address added daniel write 2025-12-08 17:07:25 # U dhcp network added daniel write 2025-10-14 12:24:43 # U item added daniel write 2025-10-10 15:10:17 # U dhcp server VL121-DHCP added daniel write 2025-10-10 15:09:07 # U pool VL121 added daniel write 2025-10-10 15:08:30 # U address added daniel write 2025-10-10 15:07:40 # U device added daniel write 2025-10-10 15:06:59 # U changed snmp settings daniel write 2025-09-30 14:46:40 # U item changed daniel write 2025-09-30 14:46:37 # U item changed daniel write 2025-09-30 14:46:36 # U item removed daniel write 2025-09-30 14:46:34 # U filter rule changed daniel write 2025-09-11 15:26:47 # U filter rule changed daniel write 2025-09-11 15:26:45 # U filter rule changed daniel write 2025-09-11 15:26:42 # U filter rule changed daniel write 2025-09-11 15:26:40 # U route 192.168.103.0/24 added daniel write 2025-09-11 14:54:15 # U address removed daniel write 2025-08-28 22:42:48 # U route 0.0.0.0 removed daniel write 2025-08-28 22:42:26 # U route 0.0.0.0/0 added daniel write 2025-08-28 22:42:20 # U route 0.0.0.0 added daniel write 2025-08-28 22:41:51 # U route 0.0.0.0/0 removed daniel write 2025-08-28 22:41:37 # U address added daniel write 2025-08-28 22:41:25 # U device changed daniel write 2025-08-28 11:00:34 # U device changed daniel write 2025-08-28 11:00:29 # U device changed daniel write 2025-08-28 11:00:23 # U device changed daniel write 2025-08-28 11:00:15 # U device changed daniel write 2025-08-28 11:00:11 # U device changed daniel write 2025-08-28 11:00:05 # U device changed daniel write 2025-08-28 10:59:58 # U device changed daniel write 2025-08-28 10:59:51 # U device changed daniel write 2025-08-28 10:59:38 # U device changed daniel write 2025-08-28 10:57:43 # U filter rule changed daniel write 2025-08-28 10:55:41 # # software id = WKVT-ZWW3 # # model = CCR1009-7G-1C-1S+ # serial number = HD008EB6VGW /interface bridge add admin-mac=18:FD:74:83:88:D9 auto-mac=no ingress-filtering=no name=bridge port-cost-mode=short vlan-filtering=yes /interface ethernet set [ find default-name=combo1 ] l2mtu=1596 set [ find default-name=ether1 ] l2mtu=1596 set [ find default-name=ether2 ] l2mtu=1596 set [ find default-name=ether3 ] l2mtu=1596 set [ find default-name=ether4 ] l2mtu=1596 set [ find default-name=ether5 ] l2mtu=1596 set [ find default-name=ether6 ] l2mtu=1596 set [ find default-name=ether7 ] comment=AP l2mtu=1596 set [ find default-name=sfp-sfpplus1 ] comment="Uplink to SW0" l2mtu=1596 rx-flow-control=on tx-flow-control=on /interface vlan add interface=bridge name=BR.VL5 vlan-id=5 add interface=bridge name=BR.VL10 vlan-id=10 add interface=bridge name=BR.VL16 vlan-id=16 add interface=bridge name=BR.VL99 vlan-id=99 add comment="MDF-Management VLAN" interface=bridge name=BR.VL100 vlan-id=100 add interface=bridge name=BR.VL121 vlan-id=121 add comment="Level 13 Tenancy 1 VLAN" interface=bridge name=BR.VL131 vlan-id=131 add comment="Level 2 360C Management VLAN" interface=bridge name=BR.VL201 vlan-id=201 add comment="Level 2 360C Tenancy Corp Network VLAN" interface=bridge name=BR.VL211 vlan-id=211 add comment="GPT MDF Handoff" interface=bridge name=BR.VL212 vlan-id=212 add comment="Level 12 100Q Tenancy Corp Network VLAN" interface=bridge name=BR.VL213 vlan-id=213 add comment="Level 2 360C Guest Network VLAN" interface=bridge name=BR.VL221 vlan-id=221 add comment="Level 3 380C Tenancy Corp Network VLAN" interface=bridge name=BR.VL311 vlan-id=311 add interface=bridge name=BR.VL321 vlan-id=321 add interface=sfp-sfpplus1 name=BR.VL3000 vlan-id=3000 add interface=BR.VL3000 name=BR.VL3000.VL100 vlan-id=100 add comment="AAPT L2 VLAN" interface=bridge name=BR.VL3840 vlan-id=3840 /interface pppoe-client add add-default-route=yes default-route-distance=2 interface=BR.VL3000.VL100 max-mru=1492 max-mtu=1492 name=pppoe-out1 password=TgUzCmOz user=100Q-MDF@nwb.onenet.com.au /interface list add name=WAN add name=LAN /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254 add name=dhcp_pool1 ranges=192.168.211.2-192.168.211.254 add name=dhcp_pool2 ranges=192.168.221.2-192.168.221.254 add name=dhcp_pool3 ranges=10.99.1.2-10.99.1.254 add name=VPN-Pool ranges=192.168.255.11-192.168.255.249 add name=dhcp_pool5 ranges=192.168.123.2-192.168.123.254 add name=dhcp_pool6 ranges=192.168.213.11-192.168.213.249 add name=dhcp_pool7 ranges=192.168.16.11-192.168.16.199 add name=dhcp_pool8 ranges=192.168.201.2-192.168.201.254 add name=dhcp_pool9 ranges=192.168.32.2-192.168.32.254 add name=dhcp_pool10 ranges=192.168.131.2-192.168.131.254 add name=dhcp_pool11 ranges=192.168.99.1-192.168.99.253 add name=VL121 ranges=192.168.122.11-192.168.123.250 /ip dhcp-server add address-pool=dhcp_pool1 interface=BR.VL211 lease-time=10m name=dhcp2 add address-pool=dhcp_pool2 interface=BR.VL221 lease-time=10m name=dhcp3 # DHCP server can not run on slave interface! add address-pool=dhcp_pool3 interface=ether5 lease-time=10m name=dhcp4 add address-pool=dhcp_pool5 disabled=yes interface=ether4 lease-time=10m name=dhcp5 add address-pool=dhcp_pool6 interface=BR.VL213 lease-time=10m name=dhcp6 add address-pool=dhcp_pool7 interface=BR.VL16 lease-time=10m name=dhcp7 add address-pool=dhcp_pool8 interface=BR.VL201 name=dhcp1 add address-pool=dhcp_pool9 interface=BR.VL321 name=dhcp8 add address-pool=dhcp_pool10 interface=BR.VL131 name=dhcp9 add address-pool=dhcp_pool11 interface=BR.VL99 name=dhcp10 add address-pool=VL121 interface=BR.VL121 name=VL121-DHCP /ip smb users set [ find default=yes ] disabled=yes /port set 0 name=serial0 set 1 name=serial1 /ppp profile add name=RWB_sstp_profile add dns-server=1.1.1.1 local-address=100.64.10.1 name=PPPoE use-compression=no use-encryption=no use-mpls=no use-upnp=no add bridge=bridge dns-server=8.8.8.8,8.8.4.4 local-address=192.168.255.1 name=L2TP-VPN remote-address=VPN-Pool use-encryption=required /routing bgp template set default disabled=no output.network=bgp-networks /routing ospf instance add disabled=no name=default-v2 /routing ospf area add disabled=yes instance=default-v2 name=backbone-v2 /snmp community set [ find default=yes ] name=CFNCOM add addresses=0.0.0.0/0 name=valve /system logging action add name=Syslog remote=172.16.0.250 src-address=172.16.3.1 target=remote /interface bridge port add bridge=bridge ingress-filtering=no interface=ether1 internal-path-cost=10 path-cost=10 pvid=3840 add bridge=bridge interface=sfp-sfpplus1 internal-path-cost=10 path-cost=10 add bridge=bridge interface=ether7 internal-path-cost=10 path-cost=10 add bridge=bridge interface=ether5 pvid=99 /ip firewall connection tracking set udp-timeout=10s /ip neighbor discovery-settings set discover-interface-list=!dynamic /ip settings set max-neighbor-entries=8192 /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 soft-max-neighbor-entries=8191 /interface bridge vlan add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=100 add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=201 add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=211 add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=221 add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=311 add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=10 add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=3840 add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=213 add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=321 add bridge=bridge tagged=bridge,sfp-sfpplus1 untagged=ether5 vlan-ids=99 add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=16 add bridge=bridge tagged=bridge,sfp-sfpplus1,ether7 vlan-ids=5 add bridge=bridge tagged=bridge,sfp-sfpplus1,ether7 vlan-ids=6 add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=3000 add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=131 add bridge=bridge tagged=bridge,sfp-sfpplus1 vlan-ids=121 /interface l2tp-server server set default-profile=L2TP-VPN enabled=yes ipsec-secret=TrueTelco1#42 use-ipsec=yes /interface list member add interface=pppoe-out1 list=WAN add interface=BR.VL100 list=LAN add interface=BR.VL201 list=LAN add interface=BR.VL211 list=LAN add interface=BR.VL221 list=LAN add interface=BR.VL3000.VL100 list=WAN /interface ovpn-server server add auth=sha1,md5 mac-address=FE:A3:6C:6B:4D:6D name=ovpn-server1 /interface pppoe-server server add authentication=pap,chap default-profile=PPPoE interface=*14 max-mru=1492 max-mtu=1492 service-name=PPPoE-VL212 add disabled=no interface=BR.VL311 service-name=service1 /ip address add address=192.168.100.1/24 interface=BR.VL100 network=192.168.100.0 add address=192.168.201.1/24 interface=BR.VL201 network=192.168.201.0 add address=192.168.211.1/24 interface=BR.VL211 network=192.168.211.0 add address=192.168.221.1/24 interface=BR.VL221 network=192.168.221.0 add address=192.168.213.1/24 interface=BR.VL213 network=192.168.213.0 add address=113.212.93.73/29 interface=BR.VL321 network=113.212.93.72 add address=192.168.99.254/24 interface=BR.VL99 network=192.168.99.0 add address=192.168.16.1/24 interface=BR.VL16 network=192.168.16.0 add address=172.16.3.1/16 interface=BR.VL5 network=172.16.0.0 add address=192.168.32.1/24 interface=BR.VL321 network=192.168.32.0 add address=192.168.131.1/24 interface=BR.VL131 network=192.168.131.0 add address=192.168.0.97/24 interface=ether5 network=192.168.0.0 add address=103.67.56.110/30 interface=BR.VL3000.VL100 network=103.67.56.108 add address=192.168.121.1/24 interface=BR.VL121 network=192.168.121.0 add address=192.168.122.1/23 interface=BR.VL121 network=192.168.122.0 /ip dhcp-server lease add address=192.168.213.100 client-id=1:0:20:6b:4b:53:95 mac-address=00:20:6B:4B:53:95 server=dhcp6 add address=192.168.16.11 mac-address=10:82:3D:59:31:FE server=dhcp7 add address=192.168.16.13 mac-address=F0:74:8D:11:C4:4E server=dhcp7 add address=192.168.16.15 mac-address=F0:74:8D:11:C4:7B server=dhcp7 add address=192.168.16.12 mac-address=F0:74:8D:11:C4:67 server=dhcp7 add address=192.168.16.14 mac-address=F0:74:8D:11:C4:0D server=dhcp7 add address=192.168.131.247 mac-address=E0:5D:54:2B:F5:04 server=dhcp9 add address=192.168.131.245 mac-address=E0:5D:54:2C:55:1C server=dhcp9 add address=192.168.131.249 mac-address=E0:5D:54:2E:EF:89 server=dhcp9 add address=192.168.131.248 mac-address=E0:5D:54:2E:FA:79 server=dhcp9 add address=192.168.131.246 mac-address=E0:5D:54:2F:00:87 server=dhcp9 add address=192.168.131.240 mac-address=70:85:C4:97:94:70 server=dhcp9 add address=192.168.131.242 mac-address=E0:5D:54:2E:F3:C6 server=dhcp9 add address=192.168.131.244 mac-address=E0:5D:54:2F:03:6B server=dhcp9 add address=192.168.131.241 mac-address=E0:5D:54:2C:27:CC server=dhcp9 add address=192.168.131.243 mac-address=E0:5D:54:2C:29:E3 server=dhcp9 /ip dhcp-server network add address=10.99.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.99.1.1 add address=192.168.16.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.16.1 add address=192.168.32.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.32.1 add address=192.168.88.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.88.1 add address=192.168.99.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.99.254 add address=192.168.122.0/23 dns-server=8.8.8.8 gateway=192.168.122.1 add address=192.168.123.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.123.1 add address=192.168.131.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.131.1 add address=192.168.201.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.201.1 add address=192.168.211.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.211.1 add address=192.168.213.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.213.1 add address=192.168.221.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.221.1 /ip dns set servers=8.8.8.8,8.8.4.4 /ip firewall address-list add address=acl.watti.tools comment="Daniel's ACL" list=TrustedIPs add address=acl.manisp.au comment="ManISP's ACL" list=TrustedIPs add address=tools.corefibre.com.au comment="CoreFibre's ACL" list=TrustedIPs add address=172.16.0.0/16 comment="Internal Superset" list=TrustedIPs add address=103.67.56.0/23 comment=CF-Superset list=TrustedIPs add address=100.64.0.0/16 comment=CF-CGNat-Superset list=TrustedIPs add address=172.31.255.0/24 comment=172.31.255.0/24 list=TrustedIPs add address=172.16.0.0/16 list=list-NTP-Targets add address=172.16.0.0/16 list=list-DNS-Targets add address=172.16.0.0/16 list=list-SSH-Targets add address=172.16.0.0/16 list=list-SNMP-Targets add address=172.16.0.0/16 list=list-HTTP-Targets add address=172.16.0.0/16 list=list-HTTPS-Targets add address=172.16.0.0/16 list=list-Winbox-Targets add address=172.16.0.0/16 list=list-RADIUS-Targets add address=172.16.0.0/16 list=list-GRE-Targets add address=172.16.0.0/16 list=list-Core-Interconnects add address=172.16.0.0/16 list=list-Loopback-Address add address=1.1.1.1 list=DNS-Servers add address=8.8.8.8 list=DNS-Servers add address=8.8.4.4 list=DNS-Servers add address=9.9.9.9 list=DNS-Servers add address=valve-space-router.qld.valvenetworks.net comment=valve-space-router.qld.valvenetworks.net list=TrustedIPs /ip firewall filter add action=accept chain=input src-address=14.202.159.113 add action=accept chain=input comment="Permit Established, Related" connection-state=established,related add action=jump chain=input comment="Shape ICMP Chain & Jump" jump-target=ICMP protocol=icmp add action=accept chain=input comment="Permit UDP Traceroute" limit=512k,512k:bit log-prefix=Accepted-Traceroute port=33434-33534 protocol=udp add action=accept chain=input comment="Permit NTP" dst-port=123 limit=2M,2M:bit log-prefix=Accepted-NTP protocol=udp src-address-list=list-NTP-Targets add action=accept chain=input comment="Permit DNS" limit=10M,10M:bit log-prefix=Accepted-DNS port=53 protocol=udp src-address-list=TrustedIPs add action=accept chain=input comment="Permit DNS" limit=10M,10M:bit log-prefix=Accepted-DNS port=53 protocol=udp src-address-list=DNS-Servers add action=accept chain=input comment="Permit DNS" limit=10M,10M:bit log-prefix=Accepted-DNS port=53 protocol=udp src-address-list=list-DNS-Targets add action=accept chain=input comment="Permit SSH" dst-port=22 limit=10M,10M:bit log-prefix=Accepted-SSH protocol=tcp src-address-list=TrustedIPs add action=accept chain=input comment="Permit SSH" dst-port=22 limit=10M,10M:bit log-prefix=Accepted-SSH protocol=tcp src-address-list=list-SSH-Targets add action=accept chain=input comment="Permit SNMP" dst-port=161 limit=2M,2M:bit log-prefix=Accepted-SNMP protocol=udp src-address-list=TrustedIPs add action=accept chain=input comment="Permit SNMP" dst-port=161 limit=2M,2M:bit log-prefix=Accepted-SNMP protocol=udp src-address-list=list-SNMP-Targets add action=accept chain=input comment="Permit HTTP" dst-port=80 limit=10M,10M:bit log-prefix=Accepted-HTTP protocol=tcp src-address-list=list-HTTP-Targets add action=accept chain=input comment="Permit HTTPS" dst-port=443 limit=10M,10M:bit log-prefix=Accepted-HTTPS protocol=tcp src-address-list=list-HTTPS-Targets add action=accept chain=input comment="Permit Winbox" dst-port=8291 limit=10M,10M:bit log-prefix=Accepted-Winbox protocol=tcp src-address-list=TrustedIPs add action=accept chain=input comment="Permit Winbox" dst-port=8291 limit=10M,10M:bit log-prefix=Accepted-Winbox protocol=tcp src-address-list=list-Winbox-Targets add action=accept chain=input comment="Permit RADIUS" limit=10M,10M:bit log-prefix=Accepted-RADIUS port=1700 protocol=udp src-address-list=list-RADIUS-Targets add action=accept chain=input comment="Permit RADIUS Incoming" limit=10M,10M:bit log-prefix=Accepted-RADIUS port=3799 protocol=udp src-address-list=list-RADIUS-Targets add action=accept chain=input comment="Permit GRE" log-prefix=Accepted-GRE protocol=gre src-address-list=list-GRE-Targets add action=accept chain=input comment="Permit BFD" limit=2M,2M:bit log-prefix=Accepted-BFD port=3784 protocol=udp src-address-list=list-Core-Interconnects add action=accept chain=input comment="Permit OSPF" limit=2M,2M:bit log-prefix=Accepted-OSPF protocol=ospf src-address-list=list-Core-Interconnects add action=accept chain=input comment="Permit IBGP" dst-address-list=list-Loopback-Address limit=50M,50M:bit log-prefix=Accepted-IBGP port=179 protocol=tcp ttl=less-than:5 add action=accept chain=input comment="Permit Unprotected Direct EBGP" limit=10M,10M:bit log-prefix=Accepted-EBGP port=179 protocol=tcp ttl=equal:1 add action=accept chain=input comment="Permit RFC3682-Protected EBGP" limit=20M,20M:bit log-prefix=Accepted-RFC3682 port=179 protocol=tcp ttl=equal:255 add action=add-src-to-address-list address-list=list-SYN-Flooders address-list-timeout=30m chain=input comment="Restrict SYN Flooding" connection-limit=30,32 protocol=tcp tcp-flags=syn add action=add-src-to-address-list address-list=list-Port-Scanners address-list-timeout=1w chain=input comment="Restrict Port Scanning" protocol=tcp psd=21,3s,3,1 add action=drop chain=input comment="Drop SYN Flooders" disabled=yes src-address-list=list-SYN-Flooders add action=drop chain=input comment="Drop Port Scanners" disabled=yes src-address-list=list-Port-Scanners add action=drop chain=input comment="Drop Remaining Traffic" disabled=yes in-interface=!BR.VL213 log=yes add action=drop chain=ICMP comment="Drop ICMP Fragments" disabled=yes fragment=yes protocol=icmp add action=accept chain=ICMP comment="Permit Type 8 - Echo Request" icmp-options=8:0 protocol=icmp add action=accept chain=ICMP comment="Permit Type 0 - Echo Reply" icmp-options=0:0 protocol=icmp add action=accept chain=ICMP comment="Permit Type 11 - Time Exceeded" icmp-options=11:0 protocol=icmp add action=accept chain=ICMP comment="Permit Type 3 - Destination Unreachable" icmp-options=3:0-1 protocol=icmp add action=accept chain=ICMP comment="Permit Type 3 - Path MTU Discovery" icmp-options=3:4 protocol=icmp add action=drop chain=ICMP comment="Drop Remaining ICMP Types" protocol=icmp /ip firewall nat add action=masquerade chain=srcnat out-interface-list=WAN add action=masquerade chain=srcnat comment="NAT to infrastructure network" disabled=yes dst-address=192.168.201.0/24 add action=dst-nat chain=dstnat disabled=yes dst-port=8292 in-interface-list=WAN protocol=tcp src-address-list=TrustedIPs to-addresses=192.168.100.11 to-ports=8291 add action=dst-nat chain=dstnat disabled=yes dst-port=8293 in-interface-list=WAN protocol=tcp src-address-list=TrustedIPs to-addresses=192.168.100.12 to-ports=8291 add action=dst-nat chain=dstnat dst-port=222 in-interface-list=WAN protocol=tcp src-address-list=TrustedIPs to-addresses=192.168.99.252 to-ports=22 add action=dst-nat chain=dstnat dst-port=223 in-interface-list=WAN protocol=tcp src-address-list=TrustedIPs to-addresses=192.168.99.251 to-ports=22 add action=dst-nat chain=dstnat dst-port=163 protocol=udp to-addresses=192.168.99.252 to-ports=161 add action=dst-nat chain=dstnat dst-port=164 protocol=udp to-addresses=192.168.99.251 to-ports=161 add action=dst-nat chain=dstnat disabled=yes dst-port=8080 protocol=tcp to-addresses=192.168.0.100 to-ports=80 /ip firewall service-port set ftp disabled=yes set tftp disabled=yes set h323 disabled=yes set sip disabled=yes set pptp disabled=yes /ip ipsec profile set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 /ip route add disabled=no distance=1 dst-address=192.168.255.0/24 gateway=172.16.0.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=172.16.0.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add disabled=no dst-address=103.67.57.11/32 gateway=172.16.0.1 routing-table=main suppress-hw-offload=no add disabled=no dst-address=103.248.50.200/29 gateway=172.16.0.1 routing-table=main suppress-hw-offload=no add dst-address=0.0.0.0/0 gateway=103.67.56.109 add dst-address=192.168.103.0/24 gateway=172.16.0.1 /ip service set ftp disabled=yes set telnet disabled=yes set www disabled=yes set api disabled=yes set api-ssl disabled=yes /ip smb shares set [ find default=yes ] directory=/pub /ppp aaa set interim-update=30m use-radius=yes /ppp secret add disabled=yes name=240395-617@nbn.truetelco.com.au password=RB9SUWP5 profile=PPPoE remote-address=113.212.93.105 service=pppoe add name=daniel password=Kitkat2030!! profile=L2TP-VPN remote-address=192.168.255.5 service=l2tp /radius add address=172.16.0.1 comment="CFN Userman" require-message-auth=no secret=CFNCOM service=login timeout=300ms add address=103.16.129.23 comment=radius-1.intervisp.net.au require-message-auth=no secret=c0a5ff94ef34 service=ppp src-address=103.96.6.239 timeout=3s add address=43.229.61.238 comment=radius-2.intervisp.net.au require-message-auth=no secret=c0a5ff94ef34 service=ppp src-address=103.96.6.239 timeout=3s add address=112.213.37.223 comment="TT Splynx" require-message-auth=no secret=c0a5ff94ef34 service=ppp timeout=3s /radius incoming set accept=yes /routing bfd configuration add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5 /snmp set contact=noc@corefibre.com.au enabled=yes location=Melbourne,Australia trap-version=2 /system clock set time-zone-name=Australia/Melbourne /system identity set name=CR.100Q.MEL.CFN.net.au /system logging add action=Syslog topics=warning add action=Syslog topics=info add action=Syslog topics=error add action=Syslog topics=critical /system ntp client set enabled=yes /system ntp client servers add address=172.16.0.1 /system scheduler add name=reboot-at-10pm on-event=reboot-schedule policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-12-27 start-time=22:00:00 /system script add dont-require-permissions=no name=reboot-schedule owner=daniel policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/system reboot" /tool romon set enabled=yes id=18:FD:74:83:88:DB secrets=CFN /user aaa set default-group=full use-radius=yes