# model: CRS317-1G-16S+ # serial-number: HFB09FENE60 # firmware-type: dx3230L # current-firmware: 7.16.2 # installed-version: 7.18.2 # Flags: U - UNDOABLE # Columns: ACTION, BY, POLICY, TIME # ACTION BY POLICY TIME # U device changed daniel write 2025-11-24 14:26:46 # U device changed daniel write 2025-11-24 14:26:30 # U user valvenetworks added daniel write 2025-11-24 14:26:05 # policy # U item added daniel write 2025-10-10 14:26:17 # U changed snmp settings daniel write 2025-09-30 14:09:05 # U item changed daniel write 2025-09-30 14:09:03 # U item removed daniel write 2025-09-30 14:09:01 # U device changed daniel write 2025-08-28 09:34:02 # U device changed daniel write 2025-08-28 09:34:01 # U device changed daniel write 2025-08-28 09:34:01 # U device changed daniel write 2025-08-28 09:34:01 # U device changed daniel write 2025-08-27 20:20:16 # U device changed daniel write 2025-08-27 20:20:15 # U device changed daniel write 2025-08-27 20:20:15 # U device changed daniel write 2025-08-27 20:20:15 # U device changed daniel write 2025-08-27 20:19:58 # U device changed daniel write 2025-08-27 20:19:58 # U device changed daniel write 2025-08-27 20:19:58 # U device changed daniel write 2025-08-27 20:19:58 # U device changed daniel write 2025-08-27 20:19:58 # U device changed daniel write 2025-08-27 20:19:58 # U device changed daniel write 2025-08-27 20:19:58 # U device changed daniel write 2025-08-27 20:19:58 # U device changed daniel write 2025-08-27 20:19:58 # U device changed daniel write 2025-08-27 20:19:58 # U device changed daniel write 2025-08-27 20:19:58 # U device changed daniel write 2025-08-27 20:19:58 # U device changed daniel write 2025-08-27 20:19:58 # U device changed daniel write 2025-08-27 20:19:58 # U device changed daniel write 2025-08-27 20:19:58 # U device changed daniel write 2025-08-27 20:19:57 # U device changed daniel write 2025-08-27 20:19:57 # U ovpn server added read 2025-05-04 22:30:23 # # software id = NNQ4-TL7S # # model = CRS317-1G-16S+ # serial number = HFB09FENE60 /interface bridge add admin-mac=78:9A:18:A5:D7:DF auto-mac=no name=bridge port-cost-mode=short vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus1 ] comment="DF #1 From 8Ex" l2mtu=9200 mtu=9000 name=sfp-sfpplus1-8Ex set [ find default-name=sfp-sfpplus2 ] comment="DF #2 From 8Ex" disabled=yes l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus3 ] comment="DF #1 To 360E" l2mtu=9200 mtu=9000 name=sfp-sfpplus3-360Elizabeth set [ find default-name=sfp-sfpplus4 ] comment="DF #2 To 360E" disabled=yes l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus5 ] comment=Router l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus6 ] comment=SW1 l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus7 ] comment=SW2 l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus8 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus9 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus10 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus11 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus12 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus13 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus14 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus15 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus16 ] l2mtu=9200 mtu=9000 /interface vlan add interface=bridge name=BR.VL5 vlan-id=5 add interface=bridge name=BR.Vl16 vlan-id=16 add interface=bridge name=VL3000 vlan-id=3000 add interface=bridge name=VL3324 vlan-id=3324 /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip smb users set [ find default=yes ] disabled=yes /port set 0 name=serial0 /snmp community set [ find default=yes ] name=CFNCOM /system logging action add name=Syslog remote=172.16.0.250 src-address=172.16.3.2 target=remote /interface bridge port add bridge=bridge edge=no interface=sfp-sfpplus1-8Ex internal-path-cost=10 path-cost=10 add bridge=bridge interface=sfp-sfpplus2 internal-path-cost=10 path-cost=10 add bridge=bridge edge=no interface=sfp-sfpplus3-360Elizabeth internal-path-cost=10 path-cost=10 add bridge=bridge interface=sfp-sfpplus4 internal-path-cost=10 path-cost=10 add bridge=bridge interface=sfp-sfpplus5 internal-path-cost=10 path-cost=10 add bridge=bridge interface=sfp-sfpplus6 internal-path-cost=10 path-cost=10 add bridge=bridge interface=sfp-sfpplus7 internal-path-cost=10 path-cost=10 add bridge=bridge interface=ether1 pvid=5 /ip firewall connection tracking set udp-timeout=10s /ip neighbor discovery-settings set discover-interface-list=!dynamic /ip settings set max-neighbor-entries=8192 /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 soft-max-neighbor-entries=8191 /interface bridge vlan add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7 vlan-ids=100 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7 vlan-ids=201 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7 vlan-ids=211 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7 vlan-ids=221 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7 vlan-ids=311 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7 vlan-ids=212 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7 vlan-ids=213 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7 vlan-ids=321 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7 vlan-ids=3840 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7 vlan-ids=99 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7 vlan-ids=16 add bridge=bridge tagged="bridge,sfp-sfpplus1-8Ex,sfp-sfpplus2,sfp-sfpplus3-360Elizabeth,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7" untagged=ether1 vlan-ids=5 add bridge=bridge tagged="bridge,sfp-sfpplus1-8Ex,sfp-sfpplus2,sfp-sfpplus3-360Elizabeth,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7" vlan-ids=3000 add bridge=bridge tagged="bridge,sfp-sfpplus1-8Ex,sfp-sfpplus2,sfp-sfpplus3-360Elizabeth,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7" vlan-ids=6 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus7 vlan-ids=131 add bridge=bridge tagged="bridge,sfp-sfpplus1-8Ex,sfp-sfpplus2,sfp-sfpplus3-360Elizabeth,sfp-sfpplus4,sfp-sfpplus7" vlan-ids=3324 add bridge=bridge tagged=bridge,sfp-sfpplus5,sfp-sfpplus6 vlan-ids=121 /interface ovpn-server server add auth=sha1,md5 mac-address=FE:C4:FA:09:3E:3B name=ovpn-server1 /ip address add address=172.16.3.2/16 interface=BR.VL5 network=172.16.0.0 add address=10.3.24.2/30 interface=VL3324 network=10.3.24.0 /ip dhcp-client # DHCP client can not run on slave or passthrough interface! add interface=ether1 /ip dns set servers=1.1.1.1 /ip hotspot profile set [ find default=yes ] html-directory=hotspot /ip ipsec profile set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.16.0.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add disabled=no distance=1 dst-address=192.168.255.0/24 gateway=172.16.0.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=172.16.0.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set api disabled=yes set api-ssl disabled=yes /ip smb shares set [ find default=yes ] directory=/flash/pub /radius add address=172.16.0.1 require-message-auth=no secret=CFNCOM service=login /routing bfd configuration add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5 /snmp set contact=noc@corefibre.com.au enabled=yes location=Melbourne,Australia trap-version=2 /system clock set time-zone-name=Australia/Sydney /system identity set name=SW0.100Q.CFN.net.au /system logging add action=Syslog topics=warning add action=Syslog topics=info add action=Syslog topics=error add action=Syslog topics=critical /system note set show-at-login=no /system ntp client set enabled=yes /system ntp client servers add address=au.pool.ntp.org add address=172.16.0.1 /system scheduler add name=reboot-at-10pm on-event=reboot-schedule policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-12-27 start-time=22:00:00 /system script add dont-require-permissions=no name=reboot-schedule owner=daniel policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/system reboot" /tool romon set enabled=yes id=78:9A:18:A5:D7:EF secrets=CFN /user aaa set use-radius=yes