# model: CCR1009-7G-1C-1S+ # serial-number: E3220D0969AA # firmware-type: tilegx # current-firmware: 6.48.3 # installed-version: 7.12.1 # Flags: U - UNDOABLE # Columns: ACTION, BY, POLICY, TIME # ACTION BY POLICY TIME # U address added daniel write 2025-07-27 16:45:45 # U wireguard peer entry added daniel write 2025-07-27 16:44:12 # U device added daniel write 2025-07-27 16:41:29 # U ntp server record added read 1970-01-02 10:00:14 # # software id = BHDV-RXS4 # # model = CCR1009-7G-1C-1S+ # serial number = E3220D0969AA /interface bridge add comment="PPPoE backhaul to DC" name=Bridge-Backhaul-PPPoE protocol-mode=none add name=Bridge-CF-PPPoE add comment=Intercoms name=Bridge-INTERCOM protocol-mode=none add comment="Network Management" name=Bridge-MGMT protocol-mode=none add comment="OLT Local management port" name=Bridge-OLT-LOCAL-MGMT protocol-mode=none add name=Bridge-OLT-SERVICE protocol-mode=none add comment="Loopback interface" name=loopback protocol-mode=none /interface ethernet set [ find default-name=combo1 ] combo-mode=copper comment="AAPT - AG Access" name=combo1-backhaul set [ find default-name=ether1 ] comment="OLT - Board 2 - MNT" name=ether1-olt-mnt-2 set [ find default-name=ether2 ] comment="OLT - Board 2 - Service Port" name=ether2-olt-service-2 set [ find default-name=ether3 ] comment="OLT - Board 1 - MNT" name=ether3-olt-mnt-1 set [ find default-name=ether4 ] comment="OLT - Board 1 - Service Port" name=ether4-olt-service-1 set [ find default-name=ether5 ] comment=Intercom name=ether5-intercom set [ find default-name=ether6 ] comment="Switch Uplink" name=ether6-switch-uplink set [ find default-name=ether7 ] comment="AAPT - AG Access" name=ether7-backhaul /interface wireguard add listen-port=26781 mtu=1420 name=wg-iface private-key="UNP8P57gBsaFyYwhiGS9CgvQuo8IezEUfU48h/1V1XE=" /interface eoip add allow-fast-path=no ipsec-secret=cjKLCzXSTHrD local-address=103.96.4.23 mac-address=02:09:11:B4:A8:80 name=EoIP-FXO remote-address=103.67.56.180 tunnel-id=901 /interface vlan add comment="CFN Uplink" interface=ether6-switch-uplink name=E6.VL102 vlan-id=102 add comment="MGMT - IP range" interface=Bridge-OLT-SERVICE name=OLT-bridge.99 vlan-id=99 add comment="PPPoE Ag access" interface=Bridge-OLT-SERVICE name=OLT-bridge.100 vlan-id=100 add comment=Intercoms interface=Bridge-OLT-SERVICE name=OLT-bridge.101 vlan-id=101 add comment="PPPoE Ag access" interface=Bridge-OLT-SERVICE name=OLT-bridge.102 vlan-id=102 add comment="PPPoE Ag access" interface=Bridge-OLT-SERVICE name=OLT-bridge.103 vlan-id=103 add interface=ether1-olt-mnt-2 name=VL123 use-service-tag=yes vlan-id=123 add comment="Monitoring VLAN" interface=ether6-switch-uplink name=ether6-switch-uplink.90 vlan-id=90 add comment="Management VLAN" interface=ether6-switch-uplink name=ether6-switch-uplink.99 vlan-id=99 add comment="PPPoE VLAN" interface=ether6-switch-uplink name=ether6-switch-uplink.100 vlan-id=100 add comment="Intercom VLAN" interface=ether6-switch-uplink name=ether6-switch-uplink.101 vlan-id=101 add comment="PPPoE CF Access" interface=ether6-switch-uplink name=ether6-switch-uplink.103 vlan-id=103 add comment="Cust: EastSideVillage [1000Mbit]" interface=ether7-backhaul name=ether7-backhaul.100 vlan-id=100 /interface list add name=no-neighbor-discovery-interface-list add name=WAN /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=dhcp_pool0 ranges=192.168.101.100-192.168.101.200 add name=dhcp_pool1 ranges=10.110.0.2-10.110.0.99 /ip dhcp-server add address-pool=dhcp_pool0 interface=Bridge-INTERCOM lease-time=10m name=dhcp1 add address-pool=dhcp_pool1 interface=Bridge-MGMT lease-time=10m name=dhcp2 /port set 0 name=serial0 set 1 name=serial1 /ppp profile add local-address=10.100.100.1 name=truetelco-vpn remote-address=10.100.100.2 add change-tcp-mss=yes name=OVPN-SmartOLT only-one=yes use-encryption=required use-mpls=no /interface ovpn-client add certificate=SmartOLT-Client cipher=aes256-cbc connect-to=corefibre.smartolt.com mac-address=FE:B0:5A:D2:48:80 name=SmartOLT-VPN password=uXvQIyU6OcSh port=12220 profile=OVPN-SmartOLT user=EastSideVillage@corefibre.smartolt.com verify-server-certificate=yes /routing bgp template set default disabled=no output.network=bgp-networks /routing ospf instance add disabled=no in-filter-chain=ospf-in name=default-v2 out-filter-chain=ospf-out redistribute=connected router-id=10.255.255.65 add disabled=no in-filter-chain=ospf-in name=ospf1-v2 out-filter-chain=ospf-out router-id=10.254.0.2 /routing ospf area add disabled=no instance=default-v2 name=backbone-v2 add disabled=yes instance=ospf1-v2 name=area1-v2 /snmp community set [ find default=yes ] disabled=yes add addresses=::/0 name=CFNCOM add addresses=::/0 name=valve /interface bridge port add bridge=Bridge-OLT-SERVICE ingress-filtering=no interface=ether2-olt-service-2 add bridge=Bridge-OLT-SERVICE ingress-filtering=no interface=ether4-olt-service-1 add bridge=Bridge-OLT-LOCAL-MGMT ingress-filtering=no interface=ether1-olt-mnt-2 add bridge=Bridge-OLT-LOCAL-MGMT ingress-filtering=no interface=ether3-olt-mnt-1 add bridge=Bridge-Backhaul-PPPoE ingress-filtering=no interface=OLT-bridge.100 add bridge=Bridge-Backhaul-PPPoE ingress-filtering=no interface=ether7-backhaul.100 add bridge=Bridge-INTERCOM ingress-filtering=no interface=ether5-intercom add bridge=Bridge-INTERCOM ingress-filtering=no interface=OLT-bridge.101 add bridge=Bridge-MGMT ingress-filtering=no interface=OLT-bridge.99 add bridge=Bridge-MGMT ingress-filtering=no interface=ether6-switch-uplink.99 add bridge=Bridge-INTERCOM ingress-filtering=no interface=ether6-switch-uplink.101 add bridge=Bridge-Backhaul-PPPoE ingress-filtering=no interface=ether6-switch-uplink.100 add bridge=Bridge-CF-PPPoE ingress-filtering=no interface=ether6-switch-uplink.103 add bridge=Bridge-CF-PPPoE ingress-filtering=no interface=OLT-bridge.103 /ip neighbor discovery-settings set discover-interface-list=!no-neighbor-discovery-interface-list /ip settings set max-neighbor-entries=8192 /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface l2tp-server server set allow-fast-path=yes enabled=yes ipsec-secret=TrueTelco1#42 one-session-per-host=yes use-ipsec=yes /interface list member add interface=*11 list=no-neighbor-discovery-interface-list add interface=ether7-backhaul list=WAN /interface ovpn-server server set auth=sha1,md5 /interface pppoe-server server add interface=Bridge-CF-PPPoE service-name=service1 /interface pptp-server server # PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead set enabled=yes /interface wireguard peers add allowed-address=10.110.0.0/24,192.168.90.0/24,192.168.101.0/24,10.255.3.2/32 interface=wg-iface persistent-keepalive=30s public-key="Sug5gsdecC+owh35YUK4W9rnC5P3wiaFodf3s/WuJSQ=" /ip address add address=10.11.104.1/24 comment="OLT local management only" interface=Bridge-OLT-LOCAL-MGMT network=10.11.104.0 add address=10.11.103.1/24 comment="OLT management IP" interface=Bridge-MGMT network=10.11.103.0 add address=192.168.101.1/24 interface=Bridge-INTERCOM network=192.168.101.0 add address=10.110.0.1/24 comment="Management Network" interface=Bridge-MGMT network=10.110.0.0 add address=10.200.216.2/30 interface=ether7-backhaul network=10.200.216.0 add address=103.96.4.23 interface=loopback network=103.96.4.23 add address=10.255.255.65 interface=loopback network=10.255.255.65 add address=192.168.90.1/24 comment="Monitoring Network" interface=ether6-switch-uplink.90 network=192.168.90.0 add address=10.100.101.2/30 interface=ether1-olt-mnt-2 network=10.100.101.0 add address=10.103.103.2/30 interface=ether1-olt-mnt-2 network=10.103.103.0 add address=10.103.101.2/30 interface=E6.VL102 network=10.103.101.0 add address=10.90.1.2/30 interface=EoIP-FXO network=10.90.1.0 add address=10.255.3.1/24 interface=wg-iface network=10.255.3.0 /ip cloud set ddns-enabled=yes /ip dhcp-client # DHCP client can not run on slave or passthrough interface! add default-route-distance=10 interface=ether5-intercom /ip dhcp-server lease add address=192.168.101.251 client-id=1:c:11:5:d:d6:59 mac-address=0C:11:05:0D:D6:59 server=dhcp1 add address=192.168.101.250 client-id=1:c:11:5:d:d5:a2 mac-address=0C:11:05:0D:D5:A2 server=dhcp1 add address=10.110.0.2 client-id=1:48:8f:5a:12:b4:de mac-address=48:8F:5A:12:B4:DE server=dhcp2 add address=192.168.101.103 client-id=1:60:19:29:11:1:32 mac-address=60:19:29:11:01:32 server=dhcp1 add address=192.168.101.102 client-id=1:c:11:5:f:86:3f mac-address=0C:11:05:0F:86:3F server=dhcp1 add address=192.168.101.111 client-id=1:c:11:5:f:87:25 mac-address=0C:11:05:0F:87:25 server=dhcp1 add address=192.168.101.113 client-id=1:c:11:5:f:8e:53 mac-address=0C:11:05:0F:8E:53 server=dhcp1 add address=10.110.0.3 client-id=1:8c:fd:18:11:4b:ba mac-address=8C:FD:18:11:4B:BA server=dhcp2 add address=192.168.101.114 client-id=1:2c:c8:1b:6c:4f:eb mac-address=2C:C8:1B:6C:4F:EB server=dhcp1 add address=192.168.101.115 client-id=1:c:11:5:f:87:2d mac-address=0C:11:05:0F:87:2D server=dhcp1 add address=192.168.101.118 client-id=1:c:11:5:f:8e:c9 mac-address=0C:11:05:0F:8E:C9 server=dhcp1 add address=192.168.101.119 client-id=1:c:11:5:f:89:69 mac-address=0C:11:05:0F:89:69 server=dhcp1 add address=192.168.101.130 client-id=1:c:11:5:f:8b:4b mac-address=0C:11:05:0F:8B:4B server=dhcp1 add address=10.110.0.4 client-id=1:8c:fd:18:44:b4:c0 mac-address=8C:FD:18:44:B4:C0 server=dhcp2 add address=192.168.101.139 client-id=1:c:11:5:f:87:5 mac-address=0C:11:05:0F:87:05 server=dhcp1 add address=10.110.0.6 client-id=1:98:35:ed:1c:fe:3a mac-address=98:35:ED:1C:FE:3A server=dhcp2 add address=192.168.101.140 client-id=1:c:11:5:f:8d:d5 mac-address=0C:11:05:0F:8D:D5 server=dhcp1 add address=192.168.101.146 client-id=1:c:11:5:f:81:a9 mac-address=0C:11:05:0F:81:A9 server=dhcp1 add address=192.168.101.151 client-id=1:c:11:5:f:8f:1f mac-address=0C:11:05:0F:8F:1F server=dhcp1 add address=192.168.101.163 client-id=1:c:11:5:f:8e:8b mac-address=0C:11:05:0F:8E:8B server=dhcp1 add address=192.168.101.156 client-id=1:c:11:5:f:80:d1 mac-address=0C:11:05:0F:80:D1 server=dhcp1 add address=192.168.101.131 client-id=1:c:11:5:f:85:e1 mac-address=0C:11:05:0F:85:E1 server=dhcp1 add address=192.168.101.149 client-id=1:c:11:5:f:8a:19 mac-address=0C:11:05:0F:8A:19 server=dhcp1 add address=192.168.101.133 client-id=1:c:11:5:f:8f:13 mac-address=0C:11:05:0F:8F:13 server=dhcp1 add address=192.168.101.167 client-id=1:c:11:5:f:8d:d9 mac-address=0C:11:05:0F:8D:D9 server=dhcp1 add address=192.168.101.162 client-id=1:c:11:5:f:8e:6b mac-address=0C:11:05:0F:8E:6B server=dhcp1 add address=192.168.101.128 client-id=1:c:11:5:f:8e:d5 mac-address=0C:11:05:0F:8E:D5 server=dhcp1 add address=192.168.101.138 client-id=1:c:11:5:f:7a:cd mac-address=0C:11:05:0F:7A:CD server=dhcp1 add address=192.168.101.170 client-id=1:c:11:5:f:7f:7b mac-address=0C:11:05:0F:7F:7B server=dhcp1 add address=192.168.101.121 client-id=1:c:11:5:f:86:1d mac-address=0C:11:05:0F:86:1D server=dhcp1 add address=192.168.101.110 client-id=1:c:11:5:f:83:cd mac-address=0C:11:05:0F:83:CD server=dhcp1 add address=192.168.101.143 client-id=1:c:11:5:f:84:11 mac-address=0C:11:05:0F:84:11 server=dhcp1 add address=192.168.101.144 client-id=1:c:11:5:f:8e:c5 mac-address=0C:11:05:0F:8E:C5 server=dhcp1 add address=192.168.101.126 client-id=1:c:11:5:f:85:41 mac-address=0C:11:05:0F:85:41 server=dhcp1 add address=192.168.101.109 client-id=1:c:11:5:f:8d:df mac-address=0C:11:05:0F:8D:DF server=dhcp1 add address=192.168.101.141 client-id=1:c:11:5:f:8d:fd mac-address=0C:11:05:0F:8D:FD server=dhcp1 add address=192.168.101.104 client-id=1:c:11:5:f:85:45 mac-address=0C:11:05:0F:85:45 server=dhcp1 add address=192.168.101.127 client-id=1:c:11:5:f:8e:7d mac-address=0C:11:05:0F:8E:7D server=dhcp1 add address=192.168.101.159 client-id=1:c:11:5:f:85:27 mac-address=0C:11:05:0F:85:27 server=dhcp1 add address=192.168.101.137 client-id=1:c:11:5:f:88:b3 mac-address=0C:11:05:0F:88:B3 server=dhcp1 add address=192.168.101.105 client-id=1:c:11:5:f:84:2b mac-address=0C:11:05:0F:84:2B server=dhcp1 add address=192.168.101.135 client-id=1:c:11:5:f:86:47 mac-address=0C:11:05:0F:86:47 server=dhcp1 add address=192.168.101.168 client-id=1:c:11:5:f:83:e3 mac-address=0C:11:05:0F:83:E3 server=dhcp1 add address=192.168.101.171 client-id=1:c:11:5:f:7d:69 mac-address=0C:11:05:0F:7D:69 server=dhcp1 add address=192.168.101.107 client-id=1:c:11:5:f:8c:b5 mac-address=0C:11:05:0F:8C:B5 server=dhcp1 add address=192.168.101.169 client-id=1:c:11:5:f:87:95 mac-address=0C:11:05:0F:87:95 server=dhcp1 add address=192.168.101.157 client-id=1:c:11:5:f:80:e5 mac-address=0C:11:05:0F:80:E5 server=dhcp1 add address=192.168.101.101 client-id=1:c:11:5:f:7c:7b mac-address=0C:11:05:0F:7C:7B server=dhcp1 add address=192.168.101.165 client-id=1:c:11:5:f:8a:3f mac-address=0C:11:05:0F:8A:3F server=dhcp1 add address=192.168.101.123 client-id=1:c:11:5:f:7a:75 mac-address=0C:11:05:0F:7A:75 server=dhcp1 add address=192.168.101.155 client-id=1:c:11:5:f:87:7d mac-address=0C:11:05:0F:87:7D server=dhcp1 add address=192.168.101.154 client-id=1:c:11:5:f:82:eb mac-address=0C:11:05:0F:82:EB server=dhcp1 add address=192.168.101.148 client-id=1:c:11:5:f:87:d3 mac-address=0C:11:05:0F:87:D3 server=dhcp1 add address=192.168.101.174 client-id=1:c:11:5:f:8a:59 mac-address=0C:11:05:0F:8A:59 server=dhcp1 add address=192.168.101.117 client-id=1:c:11:5:f:85:af mac-address=0C:11:05:0F:85:AF server=dhcp1 add address=192.168.101.132 client-id=1:c:11:5:f:89:59 mac-address=0C:11:05:0F:89:59 server=dhcp1 add address=192.168.101.116 client-id=1:c:11:5:f:7a:b1 mac-address=0C:11:05:0F:7A:B1 server=dhcp1 add address=192.168.101.120 client-id=1:c:11:5:f:8b:49 mac-address=0C:11:05:0F:8B:49 server=dhcp1 add address=192.168.101.166 client-id=1:c:11:5:f:80:4b mac-address=0C:11:05:0F:80:4B server=dhcp1 add address=192.168.101.160 client-id=1:c:11:5:f:8f:3 mac-address=0C:11:05:0F:8F:03 server=dhcp1 add address=192.168.101.125 client-id=1:c:11:5:f:85:3f mac-address=0C:11:05:0F:85:3F server=dhcp1 add address=192.168.101.150 client-id=1:c:11:5:f:88:7b mac-address=0C:11:05:0F:88:7B server=dhcp1 add address=192.168.101.136 client-id=1:c:11:5:f:8a:47 mac-address=0C:11:05:0F:8A:47 server=dhcp1 add address=192.168.101.112 client-id=1:c:11:5:f:85:f5 mac-address=0C:11:05:0F:85:F5 server=dhcp1 add address=192.168.101.147 client-id=1:c:11:5:f:85:f1 mac-address=0C:11:05:0F:85:F1 server=dhcp1 add address=192.168.101.106 client-id=1:c:11:5:f:86:f mac-address=0C:11:05:0F:86:0F server=dhcp1 add address=192.168.101.164 client-id=1:c:11:5:f:8e:51 mac-address=0C:11:05:0F:8E:51 server=dhcp1 add address=192.168.101.152 client-id=1:c:11:5:f:8e:3 mac-address=0C:11:05:0F:8E:03 server=dhcp1 add address=192.168.101.129 client-id=1:c:11:5:f:7a:b3 mac-address=0C:11:05:0F:7A:B3 server=dhcp1 add address=192.168.101.124 client-id=1:c:11:5:f:85:e9 mac-address=0C:11:05:0F:85:E9 server=dhcp1 /ip dhcp-server network add address=10.110.0.0/24 gateway=10.110.0.1 add address=192.168.101.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.101.1 /ip dns set servers=8.8.8.8,8.8.4.4 /ip firewall address-list add address=portal.valvenetworks.com.au list=TrustedIPs add address=ho.intervisp.net list=TrustedIPs add address=103.96.5.254 comment="Murray's House" list=TrustedIPs add address=103.96.4.252 comment="Steve Home" list=TrustedIPs add address=nms.valvenetworks.net list=TrustedIPs add address=rancid.valvenetworks.net list=TrustedIPs add address=113.212.92.22 comment=Koki list=TrustedIPs add address=172.16.0.0/12 list=TrustedIPs add address=10.0.0.0/8 list=TrustedIPs add address=192.168.0.0/16 list=TrustedIPs add address=110.175.218.210 comment="True Telco Office Address" list=TrustedIPs add address=office.fixtel.com.au comment="True Telco Office Address" list=TrustedIPs add address=office.truetelco.com.au comment="True Telco Office Address" list=TrustedIPs add address=office.corefibre.com.au comment="True Telco Office Address" list=TrustedIPs add address=zabbix.corefibre.com.au comment=zabbix.corefibre.com.au list=TrustedIPs add address=103.66.134.62 list=TrustedIPs add address=103.26.71.131 list=TrustedIPs add address=103.67.56.0/23 list=TrustedIPs add address=acl.manisp.au list=TrustedIPs /ip firewall filter add action=accept chain=input comment="Allow ICMP in WAN" protocol=icmp add action=accept chain=input comment="Allow OSPF in WAN" in-interface-list=WAN protocol=ospf add action=accept chain=input comment="Allow TrustedIPs in WAN" src-address-list=TrustedIPs add action=accept chain=input comment="Allow established & related in WAN" connection-state=established,related in-interface-list=WAN add action=drop chain=input comment="Drop all in WAN" in-interface-list=WAN add action=accept chain=forward comment="Allow established & related forwards" connection-state=established,related in-interface-list=WAN add action=drop chain=forward comment="Drop invalid forwards" connection-state=invalid in-interface-list=WAN /ip firewall nat add action=accept chain=srcnat comment="SmartOLT-VPN traffic excluded from NAT" out-interface=SmartOLT-VPN add action=src-nat chain=srcnat out-interface-list=WAN protocol=!ospf to-addresses=103.96.4.23 add action=dst-nat chain=dstnat comment=OLT dst-port=2333 in-interface-list=WAN protocol=tcp to-addresses=10.11.104.2 to-ports=23 add action=dst-nat chain=dstnat comment="SSH to Switch" dst-port=2222 in-interface-list=WAN protocol=tcp to-addresses=10.110.0.2 to-ports=22 add action=dst-nat chain=dstnat comment=OLT dst-port=2161 in-interface-list=WAN protocol=udp to-addresses=10.11.104.2 to-ports=161 add action=dst-nat chain=dstnat comment="winbox to CRS328 from TrustedIPs" dst-address=103.96.4.23 dst-port=8292 protocol=tcp src-address-list=TrustedIPs to-addresses=10.110.0.2 to-ports=8291 add action=dst-nat chain=dstnat comment="SNMP to CRS328 from TrustedIPs" dst-address=103.96.4.23 dst-port=163 protocol=udp src-address-list=TrustedIPs to-addresses=10.110.0.2 to-ports=161 add action=dst-nat chain=dstnat comment="SSH Switch" dst-address=103.96.4.23 dst-port=221 protocol=tcp src-address-list=TrustedIPs to-addresses=10.110.0.2 to-ports=22 add action=dst-nat chain=dstnat comment="winbox to CRS328 from TrustedIPs" dst-address=103.96.4.23 dst-port=80 protocol=tcp src-address-list=TrustedIPs to-addresses=192.168.101.134 to-ports=80 add action=src-nat chain=srcnat comment="Set outbound IP for management network internet access" src-address=10.110.0.0/24 to-addresses=103.96.4.23 /ip route add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=10.200.216.1 pref-src=103.96.4.23 add disabled=no dst-address=192.168.1.0/24 gateway=10.90.1.1 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set api disabled=yes set api-ssl disabled=yes /ppp secret add name=valve password=lkdh36aA profile=truetelco-vpn service=l2tp add name=ttadmin password="Tru3t3lc0@\$" profile=truetelco-vpn service=l2tp /routing bfd configuration add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5 /routing filter rule add chain=ospf-out comment="Allow Export of Valve IP address" disabled=no rule="if (dst in 103.96.4.0/22 && dst-len in 22-32) { accept; }" add chain=ospf-out comment="Allow Export of the Loopback" disabled=no rule="if (dst in 10.255.255.65 && dst-len == 32) { accept; }" add chain=ospf-out comment="Discard all inputs from upstream" disabled=no rule="if (dst in 100.64.0.0/16 && dst-len in 16-32) { reject; }" add chain=ospf-out comment="Discard all inputs from upstream" disabled=no rule="if (dst in 10.0.0.0/8 && dst-len in 8-32) { reject; }" add chain=ospf-out comment="Discard all inputs from upstream" disabled=no rule="if (dst in 192.168.0.0/16 && dst-len in 16-32) { reject; }" add chain=ospf-out comment="Discard all inputs from upstream" disabled=no rule="if (dst in 172.16.0.0/12 && dst-len in 12-32) { reject; }" add chain=ospf-in comment="Discard all inputs from upstream" disabled=no rule="if (dst in 0.0.0.0/0 && dst-len in 0-32) { reject; }" add chain=ospf-out comment="Disable all other IP address" disabled=no rule="if (dst in 0.0.0.0/0 && dst-len in 0-32) { reject; }" /routing ospf interface-template add area=backbone-v2 disabled=no interfaces=ether7-backhaul networks=10.200.216.0/30 priority=1 /snmp set contact=noc@corefibre.com.au enabled=yes location="Hawthorn East,Victoria,Australia" trap-community=CFNCOM trap-version=2 /system clock set time-zone-name=Australia/Melbourne /system identity set name=757ToorakRd-R1.CFN.VIC.intervisp.net /system note set show-at-login=no /system ntp client set enabled=yes /system ntp client servers add address=au.pool.ntp.org /system scheduler add name=reboot-once on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2022-07-26 start-time=04:00:00 /tool romon set enabled=yes secrets=CFN