# model: CRS317-1G-16S+ # serial-number: HFB098TX60N # firmware-type: dx3230L # current-firmware: 7.16.2 # installed-version: 7.18.2 # # software id = 3T8T-J5KX # # model = CRS317-1G-16S+ # serial number = HFB098TX60N /interface bridge add name=bridge vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus1 ] comment="DF #1 From 100Q" l2mtu=9200 mtu=9000 name=sfp-sfpplus1-100Queen set [ find default-name=sfp-sfpplus2 ] comment="DF #2 to CFN MEL CORE M1" l2mtu=9200 mtu=9000 name=sfp-sfpplus2-CFN-MEL-CORE set [ find default-name=sfp-sfpplus3 ] auto-negotiation=no l2mtu=9200 mtu=9000 speed=1G-baseX set [ find default-name=sfp-sfpplus4 ] auto-negotiation=no l2mtu=9200 mtu=9000 speed=100M-baseT-full set [ find default-name=sfp-sfpplus5 ] auto-negotiation=no disabled=yes l2mtu=9200 mtu=9000 speed=1G-baseX set [ find default-name=sfp-sfpplus6 ] comment=Router l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus7 ] comment=SW1 l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus8 ] comment=SW2 l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus9 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus10 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus11 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus12 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus13 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus14 ] disabled=yes l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus15 ] l2mtu=9200 mtu=9000 set [ find default-name=sfp-sfpplus16 ] disabled=yes l2mtu=9200 mtu=9000 /interface vlan add interface=bridge mtu=9000 name=BR.VL5 vlan-id=5 add interface=bridge mtu=9000 name=BR.VL99 vlan-id=99 /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip smb users set [ find default=yes ] disabled=yes /port set 0 name=serial0 /snmp community add addresses=::/0 name=CFNCOM /system logging action add name=Syslog remote=172.16.0.250 src-address=172.16.4.2 target=remote /interface bridge port add bridge=bridge interface=sfp-sfpplus6 add bridge=bridge interface=sfp-sfpplus7 add bridge=bridge interface=sfp-sfpplus8 add bridge=bridge edge=no interface=sfp-sfpplus1-100Queen add bridge=bridge edge=no interface=sfp-sfpplus2-CFN-MEL-CORE path-cost=10000 add bridge=bridge interface=sfp-sfpplus3 add bridge=bridge interface=sfp-sfpplus4 add bridge=bridge interface=sfp-sfpplus5 add bridge=bridge interface=sfp-sfpplus9 add bridge=bridge interface=sfp-sfpplus10 /ip firewall connection tracking set udp-timeout=10s /ip neighbor discovery-settings set discover-interface-list=!dynamic /ip settings set max-neighbor-entries=8192 /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 soft-max-neighbor-entries=8191 /interface bridge vlan add bridge=bridge tagged="bridge,sfp-sfpplus1-100Queen,sfp-sfpplus2-CFN-MEL-CORE,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8" vlan-ids=10 add bridge=bridge tagged=bridge,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8 vlan-ids=11 add bridge=bridge tagged="bridge,sfp-sfpplus1-100Queen,sfp-sfpplus2-CFN-MEL-CORE,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8" vlan-ids=12 add bridge=bridge tagged=bridge,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8 vlan-ids=99 add bridge=bridge tagged=bridge,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8 vlan-ids=42 add bridge=bridge tagged="bridge,sfp-sfpplus1-100Queen,sfp-sfpplus2-CFN-MEL-CORE,sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8,sfp-sfpplus9,sfp-sfpplus10" vlan-ids=5 add bridge=bridge tagged="bridge,sfp-sfpplus1-100Queen,sfp-sfpplus2-CFN-MEL-CORE,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8" vlan-ids=3000 add bridge=bridge tagged=bridge,sfp-sfpplus1-100Queen,sfp-sfpplus2-CFN-MEL-CORE vlan-ids=6 add bridge=bridge tagged=bridge,sfp-sfpplus1-100Queen,sfp-sfpplus2-CFN-MEL-CORE vlan-ids=300 add bridge=bridge tagged=bridge,sfp-sfpplus1-100Queen,sfp-sfpplus2-CFN-MEL-CORE vlan-ids=3001 add bridge=bridge tagged=bridge,sfp-sfpplus1-100Queen,sfp-sfpplus2-CFN-MEL-CORE vlan-ids=3324 add bridge=bridge tagged=bridge,sfp-sfpplus1-100Queen,sfp-sfpplus2-CFN-MEL-CORE vlan-ids=3207 add bridge=bridge tagged="bridge,sfp-sfpplus1-100Queen,sfp-sfpplus2-CFN-MEL-CORE,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8" vlan-ids=442 add bridge=bridge tagged=bridge,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8 vlan-ids=502 /interface ovpn-server server add auth=sha1,md5 mac-address=FE:F6:63:66:8F:7E name=ovpn-server1 /ip address add address=172.16.4.2/16 interface=BR.VL5 network=172.16.0.0 add address=192.168.88.2/24 interface=sfp-sfpplus7 network=192.168.88.0 /ip dhcp-client add interface=ether1 /ip dns set servers=1.1.1.1 /ip firewall address-list add address=acl.watti.tools comment="Daniel's ACL" list=TrustedIPs add address=acl.manisp.au comment="ManISP's ACL" list=TrustedIPs add address=tools.corefibre.com.au comment="CoreFibre's ACL" list=TrustedIPs add address=172.16.0.0/16 comment=Superset list=TrustedIPs add address=103.67.56.1 comment=CR list=TrustedIPs add address=172.31.255.0/24 comment=172.31.255.0/24 list=TrustedIPs add address=172.16.0.0/16 list=list-NTP-Targets add address=172.16.0.0/16 list=list-DNS-Targets add address=172.16.0.0/16 list=list-SSH-Targets add address=172.16.0.0/16 list=list-SNMP-Targets add address=172.16.0.0/16 list=list-HTTP-Targets add address=172.16.0.0/16 list=list-HTTPS-Targets add address=172.16.0.0/16 list=list-Winbox-Targets add address=172.16.0.0/16 list=list-RADIUS-Targets add address=172.16.0.0/16 list=list-GRE-Targets add address=172.16.0.0/16 list=list-Core-Interconnects add address=172.16.0.0/16 list=list-Loopback-Address /ip hotspot profile set [ find default=yes ] html-directory=hotspot /ip ipsec profile set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.16.0.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set api disabled=yes set api-ssl disabled=yes /ip smb shares set [ find default=yes ] directory=/flash/pub /routing bfd configuration add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5 /snmp set contact=noc@corefibre.com.au enabled=yes location=Melbourne,Australia trap-community=CFNCOM trap-version=2 /system clock set time-zone-name=Australia/Melbourne /system identity set name=SW0.360E.MEL.CFN.net.au /system logging add action=Syslog topics=warning add action=Syslog topics=info add action=Syslog topics=error add action=Syslog topics=critical /system note set show-at-login=no /system ntp client set enabled=yes /system ntp client servers add address=172.16.0.1 /system scheduler add name=reboot-at-10pm on-event=reboot-schedule policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-12-27 start-time=22:00:00 /system script add dont-require-permissions=no name=reboot-schedule owner=daniel policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/system reboot" /tool romon set enabled=yes secrets=CFN