# feb/19/2015 09:04:00 by RouterOS 6.22 # software id = H2AT-GD1G # /interface bridge add admin-mac=4C:5E:0C:7B:29:5B auto-mac=no name=bridge-local /interface ethernet set [ find default-name=ether1 ] name=ether1-gateway set [ find default-name=ether2 ] name=ether2-master-local set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local set [ find default-name=ether4 ] master-port=ether2-master-local name=ether4-slave-local set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-ht-above country=russia disabled=no distance=indoors l2mtu=2290 mode=ap-bridge ssid=Internet wireless-protocol=802.11 /ip neighbor discovery set ether1-gateway discover=no /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip dhcp-server option add code=43 name=unifi value=0x01040a82ff01 /ip dhcp-server option sets add name=set1 options=unifi /ip hotspot profile set [ find default=yes ] hotspot-address=10.130.1.1 login-by=http-pap name=mk1 radius-interim-update=10m use-radius=yes /ip pool add name=dhcp ranges=10.130.1.10-10.130.1.254 /ip dhcp-server add address-pool=dhcp disabled=no interface=bridge-local lease-time=1h name=default /ip hotspot add address-pool=dhcp disabled=no idle-timeout=none interface=bridge-local name=mk /ip hotspot user profile set [ find default=yes ] address-pool=dhcp shared-users=unlimited /interface ovpn-client add add-default-route=no auth=md5 certificate=none cipher=aes128 connect-to=172.16.130.200 disabled=no mac-address=02:DE:70:DD:7A:4F max-mtu=1500 mode=ip name=wnam-server password="12345678" port=1194 profile=default user=\ wnam_openvpn /snmp community set [ find default=yes ] read-access=no add addresses=10.130.0.1/32 name=wnam /system logging action set 2 remember=yes set 3 bsd-syslog=yes remote=172.16.130.13 syslog-severity=info /interface bridge port add bridge=bridge-local interface=ether2-master-local add bridge=bridge-local interface=wlan1 /ip address add address=10.130.1.1/24 comment="default configuration" interface=ether2-master-local network=10.130.1.0 add address=172.16.130.9/24 interface=ether1-gateway network=172.16.130.0 /ip dhcp-client add comment="default configuration" dhcp-options=hostname,clientid interface=ether1-gateway /ip dhcp-server network add address=10.130.1.0/24 comment="default configuration" dhcp-option=unifi dhcp-option-set=set1 dns-server=8.8.8.8 gateway=10.130.1.1 netmask=24 /ip dns set allow-remote-requests=yes servers=8.8.8.8 /ip dns static add address=192.168.88.1 name=router /ip firewall filter add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes add chain=input comment="default configuration" disabled=yes protocol=icmp add chain=input comment="default configuration" connection-state=established disabled=yes add chain=input comment="default configuration" connection-state=related disabled=yes add action=drop chain=input comment="default configuration" disabled=yes in-interface=ether1-gateway add chain=forward comment="default configuration" connection-state=established disabled=yes add chain=forward comment="default configuration" connection-state=related disabled=yes add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=yes /ip firewall nat add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes add action=masquerade chain=srcnat out-interface=ether1-gateway src-address=10.130.1.0/24 add action=masquerade chain=srcnat dst-address=10.130.255.1 out-interface=wnam-server src-address=10.130.1.0/24 /ip firewall service-port set sip sip-direct-media=no /ip hotspot walled-garden add comment="place hotspot rules here" disabled=yes add dst-host=172.16.130.5 dst-port=8080 add dst-host=8.8.8.8 dst-port=53 add dst-host=10.130.1.1 dst-port=80 add dst-host=10.130.255.1 dst-port=80 /ip hotspot walled-garden ip add action=accept disabled=no dst-address=10.130.255.1 dst-port=8080 protocol=tcp /ip route add distance=1 gateway=172.16.130.1 /ip upnp set allow-disable-external-interface=no /radius add address=10.130.255.1 secret=wnam_radius service=hotspot /snmp set enabled=yes trap-community=public /system clock set time-zone-name=Europe/Minsk /system identity set name=mk.k18 /system leds set 5 interface=wlan1 /system logging add action=remote topics=dhcp /system ntp client set enabled=yes primary-ntp=46.8.40.31 secondary-ntp=94.100.207.29 /tool mac-server set [ find default=yes ] disabled=yes add interface=ether2-master-local add interface=ether3-slave-local add interface=ether4-slave-local add interface=ether5-slave-local add interface=wlan1 add interface=bridge-local /tool mac-server mac-winbox set [ find default=yes ] disabled=yes add interface=ether2-master-local add interface=ether3-slave-local add interface=ether4-slave-local add interface=ether5-slave-local add interface=wlan1 add interface=bridge-local /tool sniffer set filter-interface=all filter-ip-address=10.130.255.1/32