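# model: CCR1009-7G-1C-1S+
# serial-number: E3220EA2E6F1
# firmware-type: tilegx
# current-firmware: 6.47.10
# installed-version: 6.48.6
# Flags: U - undoable, R - redoable, F - floating-undo
# ACTION BY POLICY
# U nat rule added cfnadmin write
# U nat rule added valvenetworks write
# U device added valvenetworks write
# U ppp profile added valvenetworks write
# U ppp profile removed valvenetworks write
# U device removed valvenetworks write
# U device changed valvenetworks write
# U nat rule removed valvenetworks write
# U filter rule changed valvenetworks write
# U filter rule removed valvenetworks write
# U item removed valvenetworks write
# U item removed valvenetworks write
# U item removed valvenetworks write
# U item removed valvenetworks write
# U OSPFv2 network removed valvenetworks write
# U OSPFv2 network changed valvenetworks write
# U OSPFv2 network changed valvenetworks write
# U address removed valvenetworks write
# U address removed valvenetworks write
# U address removed valvenetworks write
# U interface list member changed valvenetworks write
# U OSPFv2 area backbone changed valvenetworks write
# U address changed valvenetworks write
# U address changed valvenetworks write
# U address changed valvenetworks write
# U OSPFv2 instance changed valvenetworks write
# U OSPFv2 network changed valvenetworks write
# U device added valvenetworks write
# U address list entry added cfnadmin write
# U package channel changed daniel write
# U device changed daniel write
# U ip service changed daniel write
# U user daniel added cfnadmin write
# policy
# U user oxidized added cfnadmin write
# policy
# U device changed cfnadmin write
# U address list entry added cfnadmin write
# U nat rule removed valvenetworks write
# U nat rule removed valvenetworks write
# U nat rule removed valvenetworks write
# U nat rule removed valvenetworks write
# U nat rule changed valvenetworks write
# U nat rule changed valvenetworks write
# U nat rule added valvenetworks write
# U RADIUS client changed valvenetworks write
# U RADIUS client changed valvenetworks write
# U address list entry changed valvenetworks write
# U ip service changed valvenetworks write
# U user AAA settings changed valvenetworks write
# policy
# U RADIUS client added valvenetworks write
# U RADIUS client added valvenetworks write
# U nat rule changed cfnadmin write
# U address list entry added cfnadmin write
# U nat rule changed cfnadmin write
# U nat rule changed cfnadmin write
# U nat rule changed cfnadmin write
# U nat rule changed cfnadmin write
# U nat rule moved cfnadmin write
# U nat rule changed cfnadmin write
# U nat rule changed cfnadmin write
# U nat rule added cfnadmin write
# U nat rule changed cfnadmin write
# U address removed cfnadmin write
# U pool dhcp_pool3 changed cfnadmin write
# U dhcp lease removed cfnadmin write
# U address added cfnadmin write
# U dhcp server dhcp3 changed cfnadmin write
# U nat rule changed cfnadmin write
# U address changed cfnadmin write
# U dhcp server dhcp3 changed cfnadmin write
# U dhcp server dhcp3 added cfnadmin write
# U dhcp network added cfnadmin write
# U pool dhcp_pool3 added cfnadmin write
# U nat rule changed cfnadmin write
# U nat rule added cfnadmin write
# U nat rule removed cfnadmin write
# U nat rule changed cfnadmin write
# U nat rule changed cfnadmin write
# U nat rule added cfnadmin write
# U address added cfnadmin write
# U device added cfnadmin write
# U item added cfnadmin write
# U address list entry added cfnadmin write
# U nat rule added cfnadmin write
# U changed snmp settings cfnadmin write
# U address list entry changed cfnadmin write
# U address list entry added cfnadmin write
# U changed snmp settings cfnadmin write
# U item changed cfnadmin write
# U device changed cfnadmin write
# U dhcp server dhcp2 changed cfnadmin write
# U address changed cfnadmin write
# U device added cfnadmin write
# U device removed cfnadmin write
# U device changed cfnadmin write
# U item changed cfnadmin write
#
# software id = 79JG-7EW3
#
# model = CCR1009-7G-1C-1S+
# serial number = E3220EA2E6F1
#
# REVIEW: RouterOS 6 configuration export for an edge router: VLAN
# sub-interfaces on the SFP+ uplink, DHCP for three management networks,
# a PPPoE client, an OpenVPN client, an L2TP/IPsec server, NAT, a short
# input/forward filter, SNMP, RADIUS login and RoMON.
#
# REVIEW: the export carried live credentials in cleartext (PPPoE and
# OpenVPN client passwords, the L2TP IPsec pre-shared key, two PPP secrets,
# the RADIUS shared secret and the RoMON secret). Each value is replaced
# below with "<REDACTED>". The original values must be treated as exposed
# and rotated on this router and on every peer that shares them. Take
# backups with "/export hide-sensitive"; if this file comes from Oxidized
# (the header layout and the "oxidized" user in the history suggest so,
# unconfirmed), enable its remove_secret variable.
#
# REVIEW: the header reports current-firmware 6.47.10 against
# installed-version 6.48.6, so RouterBOOT appears not to have been upgraded
# after the last RouterOS upgrade. Confirm on the device.
/interface bridge
add name=loopback protocol-mode=none
/interface ethernet
set [ find default-name=combo1 ] combo-mode=sfp
set [ find default-name=sfp-sfpplus1 ] name=sfp-sfpplus1-SwitchUplink
/interface vlan
add interface=sfp-sfpplus1-SwitchUplink name=sfp-sfpplus1-SwitchUplink.90 vlan-id=90
add interface=sfp-sfpplus1-SwitchUplink name=sfp-sfpplus1-SwitchUplink.95 vlan-id=95
add comment="OLT OOB MANAGEMENT VLAN" interface=sfp-sfpplus1-SwitchUplink name=sfp-sfpplus1-SwitchUplink.98 vlan-id=98
add comment="GPON Management VLAN" interface=sfp-sfpplus1-SwitchUplink name=sfp-sfpplus1-SwitchUplink.99 vlan-id=99
add comment="GPON PPPoE VLAN" interface=sfp-sfpplus1-SwitchUplink name=sfp-sfpplus1-SwitchUplink.100 vlan-id=100
add interface=sfp-sfpplus1-SwitchUplink name=sfp-sfpplus1-SwitchUplink.2600 vlan-id=2600
/interface pppoe-client
# REVIEW: password redacted; rotate the PPPoE credential.
add add-default-route=yes disabled=no interface=sfp-sfpplus1-SwitchUplink.100 max-mru=1500 max-mtu=1500 name=pppoe-out-valve password="<REDACTED>" use-peer-dns=yes user=plazacentral@corefibre.com.au
/interface list
add name=no-neighbor-discovery-interface-list
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=10.100.99.1-10.100.99.253
add name=dhcp_pool1 ranges=10.113.0.200-10.113.0.220
add name=dhcp_pool2 ranges=192.168.90.1-192.168.90.253
add name=dhcp_pool3 ranges=192.168.1.2-192.168.1.200
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=sfp-sfpplus1-SwitchUplink.99 name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=sfp-sfpplus1-SwitchUplink.90 name=dhcp2
add address-pool=dhcp_pool3 disabled=no interface=sfp-sfpplus1-SwitchUplink.95 name=dhcp3
/ppp profile
add local-address=192.168.255.5 name=l2tp
add change-tcp-mss=yes name=OVPN-SmartOLT only-one=yes use-encryption=required use-mpls=no
/interface ovpn-client
# REVIEW: password redacted; rotate it. Server certificate verification is
# on (verify-server-certificate=yes), which should be kept.
add certificate=SmartOLT-Client-PlazaCentral cipher=aes256 connect-to=corefibre.smartolt.com mac-address=FE:F0:65:8B:C4:F7 name=SmartOLT-VPN password="<REDACTED>" port=12220 profile=OVPN-SmartOLT user=PlazaCentral@corefibre.smartolt.com verify-server-certificate=yes
/routing ospf area
set [ find default=yes ] disabled=yes
/routing ospf instance
set [ find default=yes ] disabled=yes redistribute-connected=as-type-2 router-id=10.255.255.61
/snmp community
# REVIEW: with trap-version=2 (see /snmp below) community names are sent in
# cleartext and act as the only credential, so both names here should be
# treated as exposed by this export. They are left unchanged because
# trap-community refers to one of them by name. addresses=::/0 places no
# source restriction on the community itself; only the input filter limits
# who can query.
set [ find default=yes ] name=valve
add addresses=::/0 name=CFNCOM
/ip neighbor discovery-settings
# REVIEW: discovery runs on every interface, uplink included, which
# advertises model and version to adjacent networks. The interface list
# "no-neighbor-discovery-interface-list" exists but is not referenced here
# and its only member entry names no interface. Confirm the intent.
set discover-interface-list=all
/interface bridge vlan
add bridge=loopback comment="GPON Management" tagged=ether2,ether4,sfp-sfpplus1-SwitchUplink untagged=ether6 vlan-ids=99
add bridge=loopback comment="General Management" tagged=loopback,ether2,ether4,sfp-sfpplus1-SwitchUplink untagged=ether7 vlan-ids=90
add bridge=loopback tagged=loopback,sfp-sfpplus1-SwitchUplink vlan-ids=95
/interface l2tp-server server
# REVIEW: IPsec pre-shared key redacted; rotate it on the server and on
# every client.
set default-profile=l2tp enabled=yes ipsec-secret="<REDACTED>" one-session-per-host=yes use-ipsec=required
/interface list member
add list=no-neighbor-discovery-interface-list
/ip address
add address=10.11.104.254/24 interface=sfp-sfpplus1-SwitchUplink.98 network=10.11.104.0
add address=10.113.0.254/24 interface=sfp-sfpplus1-SwitchUplink.99 network=10.113.0.0
add address=192.168.90.1/24 interface=sfp-sfpplus1-SwitchUplink.90 network=192.168.90.0
add address=192.168.1.254/24 interface=sfp-sfpplus1-SwitchUplink.95 network=192.168.1.0
/ip dhcp-server lease
add address=10.113.0.218 client-id=1:dc:2c:6e:b1:90:56 mac-address=DC:2C:6E:B1:90:56 server=dhcp1
/ip dhcp-server network
# NOTE(review): the gateways announced for 192.168.1.0/24 (192.168.1.1) and
# 192.168.90.0/24 (192.168.90.254) differ from this router's own addresses
# on those VLANs (192.168.1.254 and 192.168.90.1). Confirm this is intended.
add address=10.113.0.0/24 gateway=10.113.0.254
add address=192.168.1.0/24 gateway=192.168.1.1
add address=192.168.90.0/24 dns-server=192.168.90.254 gateway=192.168.90.254
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
# REVIEW: most TrustedIPs entries are DNS names, so membership follows
# whatever those names resolve to at refresh time. Because the input chain
# accepts everything from this list, control of any of these records (or of
# the resolution path) grants management access. Prefer fixed addresses or
# prefixes where the peers have them.
add address=valve-space-router.qld.valvenetworks.net comment="valve office" list=TrustedIPs
add address=valve-koki-router.vic.valvenetworks.net comment="valve office" list=TrustedIPs
add address=nms.valvenetworks.net comment=NMS list=TrustedIPs
add address=oxidized.valvenetworks.net comment=Rancid list=TrustedIPs
add address=Zabbix.fixtel.com.au list=TrustedIPs
add address=syd1.smartolt.com list=TrustedIPs
add address=office.corefibre.com.au list=TrustedIPs
add address=tools.corefibre.com.au comment=tools.corefibre.com.au list=TrustedIPs
add address=zabbix.corefibre.com.au comment=tools.corefibre.com.au list=TrustedIPs
add address=103.67.56.0/23 list=TrustedIPs
add address=acl.manisp.au list=TrustedIPs
add address=43.224.182.114 comment=Zabbix list=TrustedIPs
/ip firewall filter
# REVIEW (input chain): the final drop matches only
# in-interface=pppoe-out-valve. New connections arriving on any other
# interface match no rule and are accepted by the chain's default policy.
# The NAT rules and the static route below point at
# sfp-sfpplus1-SwitchUplink.2600 / 10.200.217.1 as an outside path; if that
# is the case, the router's management services are not filtered there.
# An unconditional drop at the end of the chain, preceded by explicit
# accepts for the management VLANs, would close the gap. Test from a
# trusted source before committing.
# REVIEW (l2tp rule): UDP 500/1701/4500 is accepted from any source. With
# use-ipsec=required, 1701 could be limited to traffic that arrived inside
# IPsec (ipsec-policy=in,ipsec).
# REVIEW (forward chain): there is no final drop, so every new forwarded
# connection is accepted; only invalid state is dropped.
add action=accept chain=input comment="Allow ICMP in" protocol=icmp
add action=accept chain=input comment="Allow established & related in" connection-state=established,related
add action=accept chain=input comment=l2tp dst-port=500,1701,4500 protocol=udp
add action=accept chain=input comment="Allow all input from TrustedIPs" src-address-list=TrustedIPs
add action=drop chain=input comment="Drop all input" in-interface=pppoe-out-valve
add action=accept chain=forward comment="Allow established & related forwards" connection-state=established,related
add action=drop chain=forward comment="Drop invalid forwards" connection-state=invalid
/ip firewall nat
# REVIEW: the "Zabbix proxy" dst-nat has no src-address-list, unlike the
# other port forwards, and the forward chain does not filter new
# connections, so 192.168.90.3:10050 is reachable from any source that can
# reach 103.96.6.28.
# REVIEW: the dst-port=222 rule is commented "Winbox to switch" but
# forwards to port 22 and has no dst-address, so it matches port 222 toward
# any destination passing through the router. Confirm the label and scope.
add action=accept chain=srcnat comment="SmartOLT-VPN traffic excluded from NAT" out-interface=SmartOLT-VPN
add action=src-nat chain=srcnat comment="Set NAT IP for outbound clients" out-interface=sfp-sfpplus1-SwitchUplink.2600 src-address=10.113.0.0/24 to-addresses=103.96.6.28
add action=src-nat chain=srcnat comment="Set NAT IP for outbound clients" out-interface=sfp-sfpplus1-SwitchUplink.2600 src-address=10.11.104.0/24 to-addresses=103.96.6.28
add action=dst-nat chain=dstnat comment="Zabbix proxy" dst-address=103.96.6.28 dst-port=10050 protocol=tcp to-addresses=192.168.90.3 to-ports=10050
add action=netmap chain=srcnat comment="Set NAT IP for outbound on TT monitoring network" src-address=192.168.90.0/24 to-addresses=103.96.6.28
add action=netmap chain=srcnat comment="Set NAT IP for outbound on TT monitoring network" disabled=yes src-address=192.168.1.0/24 to-addresses=103.96.6.28
add action=dst-nat chain=dstnat comment="Winbox to switch" dst-address=103.96.6.28 dst-port=8292 protocol=tcp src-address-list=TrustedIPs to-addresses=10.113.0.218 to-ports=8291
add action=dst-nat chain=dstnat comment="Winbox to switch" dst-port=222 protocol=tcp src-address-list=TrustedIPs to-addresses=192.168.90.4 to-ports=22
add action=dst-nat chain=dstnat comment="SSH to switch" dst-address=103.96.6.28 dst-port=2222 protocol=tcp src-address-list=TrustedIPs to-addresses=10.113.0.218 to-ports=22
add action=dst-nat chain=dstnat comment="SNMP to Switch" dst-address=103.96.6.28 dst-port=163 protocol=udp src-address-list=TrustedIPs to-addresses=10.113.0.218 to-ports=161
/ip route
add distance=1 gateway=10.200.217.1 pref-src=103.96.6.28
/ip service
# REVIEW: telnet, ftp, www, api and api-ssl are disabled. ssh and winbox
# are not listed, so they are presumably still enabled at their defaults
# with no per-service "address" restriction visible here. Access control
# for them rests entirely on the input chain.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp secret
# REVIEW: both L2TP account passwords redacted; rotate them.
add name=ttadmin password="<REDACTED>" profile=l2tp remote-address=192.168.255.6 service=l2tp
add name=valve password="<REDACTED>" profile=l2tp remote-address=192.168.255.7 service=l2tp
/radius
# REVIEW: shared secret redacted; rotate it on this client and on both
# servers. service=login together with "/user aaa set use-radius=yes" means
# these servers authenticate router administrators, so the secret protects
# administrative logins.
add address=103.16.129.23 comment=radius-1.intervisp.net.au secret="<REDACTED>" service=login src-address=103.96.6.28
add address=43.229.61.238 comment=radius-2.intervisp.net.au secret="<REDACTED>" service=login src-address=103.96.6.28
/snmp
set contact=noc@corefibre.com.au enabled=yes location=Maroochydore,Australia trap-community=CFNCOM trap-version=2
/system clock
set time-zone-name=Australia/Brisbane
/system identity
set name=PlazaCentral-R.CFN.QLD.intervisp.net
/system ntp client
set enabled=yes server-dns-names=au.pool.ntp.org
/system package update
set channel=upgrade
/system ups
add name=ups1 port=usbhid2
/tool romon
# REVIEW: RoMON secret redacted; rotate it on every RoMON peer. No per-port
# RoMON settings appear in this export, so which interfaces take part
# cannot be told from here. Confirm it is limited to management ports.
set enabled=yes secrets="<REDACTED>"
/user aaa
set use-radius=yes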