# model: CCR1009-7G-1C-1S+
# serial-number: E3220D14F14F
# firmware-type: tilegx
# current-firmware: 6.45.9
# installed-version: 6.49.13
# Flags: U - undoable, R - redoable, F - floating-undo
# ACTION BY POLICY
# U address list entry added cfnadmin write
# U ip service changed daniel write
# U user daniel added cfnadmin write
# policy
# U user oxidized added cfnadmin write
# policy
# U device changed cfnadmin write
# U address list entry added cfnadmin write
#
# software id = BYXG-CUQA
#
# model = CCR1009-7G-1C-1S+
# serial number = E3220D14F14F
#
# ---------------------------------------------------------------------------
# Purpose: collected RouterOS export of an edge router (bridged customer
# VLANs, L2TP/IPsec server, OSPF towards the upstream on combo1, Winbox
# port-forwards to devices behind it). The statements were collapsed onto a
# few physical lines; they are restored here one per line, tokens unchanged.
#
# NOTE(review): this export contains the L2TP/IPsec pre-shared key
# (/interface l2tp-server server) and a PPP password (/ppp secret) in clear
# text, plus the SNMP community names. Treat the file as a credential: limit
# who can read the backup store, and rotate these values if it has been
# shared. RouterOS v6 can omit them with `/export hide-sensitive`; the header
# shows a user named "oxidized", so presumably the collector's secret-removal
# setting is the place to fix this - confirm.
# NOTE(review): the header reports current-firmware 6.45.9 next to
# installed-version 6.49.13, which looks like RouterBOOT lagging the installed
# RouterOS release - confirm whether a firmware upgrade is pending.
# NOTE(review): the audit trail above shows users "daniel" and "oxidized"
# being added, but no /user section is part of this export, so their group
# membership cannot be checked from this file.
# ---------------------------------------------------------------------------

# Two bridges: LOOPBACK carries the router's /32 addresses (see /ip address),
# bridge-PPPoE joins the customer-facing ports listed under
# /interface bridge port.
/interface bridge
add name=LOOPBACK
add name=bridge-PPPoE

# Port roles as labelled by the operator; ether5 is administratively disabled.
/interface ethernet
set [ find default-name=combo1 ] comment=Main-Transit-Line
set [ find default-name=ether1 ] comment="Uplink to PoE switch and radio link to Teri Apartments"
set [ find default-name=ether2 ] comment="Customer - Solutions WON"
set [ find default-name=ether3 ] comment=True-Telco_client
set [ find default-name=ether5 ] disabled=yes

# VLAN 2000 on the transit port and VLAN 100 on ether1; both are bridged into
# bridge-PPPoE below.
/interface vlan
add comment="Cust: BridportSt [1000Mbit]" interface=combo1 name=combo1.2000 vlan-id=2000
add interface=ether1 name=ether1.100 vlan-id=100

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

# NOTE(review): dhcp_pool0 and dhcp_pool1 cover the identical range and are
# served on two different interfaces (ether1, ether3); 192.168.90.1/24 is also
# configured on both interfaces under /ip address. Confirm the overlap is
# intended.
/ip pool
add name=dhcp_pool0 ranges=192.168.90.2-192.168.90.254
add name=dhcp_pool1 ranges=192.168.90.2-192.168.90.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether1 name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=ether3 name=dhcp2

# Profile used by the L2TP server: a single fixed local/remote address pair.
/ppp profile
add local-address=192.168.255.20 name=l2tp remote-address=192.168.255.21

# NOTE(review): router-id is 10.255.255.70, but the LOOPBACK address and the
# routing filter commented "Allow Export of the Router ID" both use
# 10.255.255.75 - confirm which value is correct.
/routing ospf instance
set [ find default=yes ] redistribute-connected=as-type-1 router-id=10.255.255.70

# NOTE(review): both communities use addresses=::/0, which appears to place no
# source restriction on SNMP queries; reachability then rests entirely on the
# input chain, which only drops traffic arriving on combo1. Consider setting
# addresses= to the monitoring hosts. The community names are visible in this
# export and work like passwords.
/snmp community
add addresses=::/0 name=valve
add addresses=::/0 name=CFNCOM

# The "full" group holds every policy listed here, including sensitive, sniff
# and policy.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp"

# Members of bridge-PPPoE: the ether2 customer port and the two VLANs.
/interface bridge port
add bridge=bridge-PPPoE interface=ether2
add bridge=bridge-PPPoE interface=combo1.2000
add bridge=bridge-PPPoE interface=ether1.100

# NOTE(review): neighbour discovery is enabled on every interface, including
# the transit port (combo1) and the ports labelled as customer-facing, so the
# router announces itself to those neighbours. Consider restricting
# discover-interface-list to a management-only interface list.
/ip neighbor discovery-settings
set discover-interface-list=all

# L2TP server with IPsec mandatory (use-ipsec=required).
# NOTE(review): the pre-shared key is stored in clear text in this export;
# rotate it if this file has left the backup system.
/interface l2tp-server server
set default-profile=l2tp enabled=yes ipsec-secret=TrueTelco1#42 one-session-per-host=yes use-ipsec=required

# Addressing: transit /30 on combo1, two /32 loopbacks, and several subnets on
# ether1. 103.96.4.38 is the public address used for NAT and as pref-src on
# the default route.
/ip address
add address=10.200.214.2/30 interface=combo1 network=10.200.214.0
add address=192.168.90.1/24 interface=ether1 network=192.168.90.0
add address=10.255.255.75 interface=LOOPBACK network=10.255.255.75
add address=10.200.214.17/28 interface=ether1 network=10.200.214.16
add address=103.96.4.38 interface=LOOPBACK network=103.96.4.38
add address=192.168.91.254/24 interface=ether1 network=192.168.91.0
add address=192.168.90.1/24 interface=ether3 network=192.168.90.0
add address=192.168.40.1/30 interface=ether2 network=192.168.40.0

# Static leases on dhcp1; these two addresses are the targets of the
# 8292/8293 Winbox port-forwards under /ip firewall nat.
/ip dhcp-server lease
add address=192.168.90.253 client-id=1:48:8f:5a:81:a5:5c mac-address=48:8F:5A:81:A5:5C server=dhcp1
add address=192.168.90.251 client-id=1:48:8f:5a:e9:e3:94 mac-address=48:8F:5A:E9:E3:94 server=dhcp1
/ip dhcp-server network
add address=192.168.90.0/24 dns-server=8.8.8.8 gateway=192.168.90.1
/ip dns
set servers=8.8.8.8,8.8.4.4

# TrustedIPs is accepted unconditionally by the second input rule and gates
# two of the Winbox port-forwards, so every entry is effectively a management
# ACL entry.
# NOTE(review): several entries are DNS names. Membership then follows
# whatever those names resolve to via the resolvers configured above, so
# control of the records (or of the resolution path) changes who is trusted.
# Prefer fixed addresses or prefixes where possible, and confirm the
# uncommented entries (103.96.4.252, 103.96.5.254, 103.67.56.0/23,
# acl.manisp.au) are still required.
/ip firewall address-list
add address=valve-space-router.qld.valvenetworks.net comment="valve office" list=TrustedIPs
add address=valve-koki-router.vic.valvenetworks.net comment="valve office" list=TrustedIPs
add address=nms.valvenetworks.net comment=NMS list=TrustedIPs
add address=rancid.valvenetworks.net comment=Rancid list=TrustedIPs
add address=103.96.4.252 list=TrustedIPs
add address=110.175.218.210 comment="CFN NMS IP Address" list=TrustedIPs
add address=office.fixtel.com.au comment="True Telco Office Address" list=TrustedIPs
add address=office.truetelco.com.au comment="True Telco Office Address" list=TrustedIPs
add address=office.corefibre.com.au comment="True Telco Office Address" list=TrustedIPs
add address=103.96.5.254 list=TrustedIPs
add address=103.67.56.0/23 list=TrustedIPs
add address=acl.manisp.au list=TrustedIPs
add address=43.224.182.114 comment=Zabbix list=TrustedIPs

# Rules are evaluated top to bottom; order matters.
# Input chain: ICMP, TrustedIPs and the L2TP/IPsec UDP ports are accepted from
# any interface; on combo1 only, new inbound DNS is dropped,
# established/related and OSPF are accepted, and everything else is dropped.
# NOTE(review): the final input drop matches in-interface=combo1 only. Traffic
# to the router arriving on any other interface (ether1/ether2/ether3, the
# bridge, L2TP sessions) matches no drop rule and is presumably accepted by
# the default policy, which would leave management services and SNMP
# reachable from the customer side - confirm this is intended.
# NOTE(review): UDP 1701 is accepted without an IPsec match; the server's
# use-ipsec=required should still refuse unencrypted sessions, but adding
# ipsec-policy=in,ipsec to an L2TP-only rule would enforce it at the firewall
# too. No rule accepts protocol ipsec-esp, so clients not using NAT-T would
# presumably be dropped on combo1 - verify.
# Forward chain: only an established/related accept is active; the
# invalid-state drop is disabled and there is no final drop, so forwarding is
# effectively unrestricted and the dst-nat source matches below are the only
# limit on the port-forwards.
/ip firewall filter
add action=accept chain=input comment="Allow ICMP input" protocol=icmp
add action=accept chain=input comment="Allow input from trusted addresses" src-address-list=TrustedIPs
add action=accept chain=input comment="Allow input from L2TP IPSEC L2TP" dst-port=500,1701,4500 protocol=udp
add action=drop chain=input comment="Drop external using DNS inbound requests" connection-state=new dst-port=53 in-interface=combo1 protocol=udp
add action=accept chain=input comment="Allow established & related input" connection-state=established,related in-interface=combo1
add action=accept chain=input comment="Allow OSPF input" in-interface=combo1 protocol=ospf
add action=drop chain=input comment="Drop all in backhaul" in-interface=combo1
add action=accept chain=forward comment="Allow established & related forwards" connection-state=established,related
add action=drop chain=forward connection-state=invalid disabled=yes log=yes

# NAT: 192.168.91.0/24 is source-NATed to 103.96.4.38 when leaving via combo1.
# Four dst-nat rules publish Winbox (to-ports=8291) of inside devices on TCP
# 8292-8295.
# NOTE(review): 8294/8295 are limited to TrustedIPs, while 8292/8293 are
# limited to src-address=103.96.4.0/22 and carry no comment. Confirm the whole
# /22 should reach those devices, or align them with TrustedIPs.
/ip firewall nat
add action=src-nat chain=srcnat out-interface=combo1 src-address=192.168.91.0/24 to-addresses=103.96.4.38
add action=dst-nat chain=dstnat comment="DST to Teri01-TRUEClinent.AP.intervisp.net.au : Winbox" dst-address=103.96.4.38 dst-port=8294 protocol=tcp src-address-list=TrustedIPs to-addresses=192.168.91.10 to-ports=8291
add action=dst-nat chain=dstnat comment="DST to Teri01-TRUEClinent.AP.intervisp.net.au : Winbox" dst-address=103.96.4.38 dst-port=8295 protocol=tcp src-address-list=TrustedIPs to-addresses=192.168.91.11 to-ports=8291
add action=accept chain=srcnat disabled=yes out-interface=combo1 src-address=192.168.0.0/16
add action=dst-nat chain=dstnat dst-port=8292 in-interface=combo1 protocol=tcp src-address=103.96.4.0/22 to-addresses=192.168.90.251 to-ports=8291
add action=dst-nat chain=dstnat dst-port=8293 in-interface=combo1 protocol=tcp src-address=103.96.4.0/22 to-addresses=192.168.90.253 to-ports=8291

# Static default route via the transit peer, sourced from the public loopback.
/ip route
add distance=1 gateway=10.200.214.1 pref-src=103.96.4.38

# telnet, ftp, www, api and api-ssl are disabled.
# NOTE(review): ssh and winbox are not listed, so they are presumably still at
# their defaults (enabled, no address= restriction). Setting address= on them
# to the management prefixes would add a second layer behind the firewall -
# confirm current state on the device.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes

# Single L2TP account bound to the l2tp profile.
# NOTE(review): the password is stored in clear text in this export; rotate it
# if this file has left the backup system.
/ppp secret
add name=ttadmin password="Tru3t3lc0@\$" profile=l2tp service=l2tp

# OSPF filters, evaluated in order. ospf-in discards every prefix. ospf-out
# accepts 103.96.4.0/22 (and more-specifics) and 10.255.255.75/32, then
# discards 100.64.0.0/16, the RFC 1918 ranges and finally everything else.
# The /32 accept must stay above the 10.0.0.0/8 discard to take effect.
# NOTE(review): the ospf-out discard rules carry the comment "Discard all
# inputs from upstream", which looks copied from the ospf-in rule.
/routing filter
add action=discard chain=ospf-in comment="Discard all inputs from upstream" prefix=0.0.0.0/0 prefix-length=0-32
add action=accept chain=ospf-out comment="Allow Export of Valve IP address" prefix=103.96.4.0/22 prefix-length=22-32
add action=accept chain=ospf-out comment="Allow Export of the Router ID" prefix=10.255.255.75 prefix-length=32
add action=discard chain=ospf-out comment="Discard all inputs from upstream" prefix=100.64.0.0/16 prefix-length=16-32
add action=discard chain=ospf-out comment="Discard all inputs from upstream" prefix=10.0.0.0/8 prefix-length=8-32
add action=discard chain=ospf-out comment="Discard all inputs from upstream" prefix=192.168.0.0/16 prefix-length=16-32
add action=discard chain=ospf-out comment="Discard all inputs from upstream" prefix=172.16.0.0/12 prefix-length=12-32
add action=discard chain=ospf-out comment="Disable all other IP address" prefix=0.0.0.0/0 prefix-length=0-32

# SNMP agent enabled with trap-version=2.
# NOTE(review): with community-based SNMP the community string is presumably
# sent unencrypted; see the source-restriction note at /snmp community.
/snmp
set contact=noc@valvenetworks.com.au enabled=yes location=Bridport01.mlb.intervisp.net trap-version=2
/system clock
set time-zone-autodetect=no time-zone-name=Australia/Melbourne
/system identity
set name=Bridport-R1.CFN.VIC.intervisp.net
/system ntp client
set enabled=yes server-dns-names=au.pool.ntp.org
/system package update
set channel=long-term

# Scheduled reboot dated jul/25/2024 02:00:00; no interval is shown, so it
# presumably ran once.
# NOTE(review): the entry holds far more policies than a reboot needs
# (including write, policy, password, sniff and sensitive). Remove it if it
# has already run, or reduce the policy list to what the script requires.
/system scheduler
add name=reboot-once on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jul/25/2024 start-time=02:00:00