Mikrotik Configuration For Beginners

BylongPosted on

RB951Ui-2HnD

# dec/09/2020 16:27:07 by RouterOS 6.44.5
# model = 951Ui-2HnD
/interface bridge
add fast-forward=no name=bridge-hotspot
add admin-mac=E4:8D:8C:AE:61:BA auto-mac=no fast-forward=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether1-WAN
set [ find default-name=ether2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether3 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=philippines disabled=\
    no distance=indoors mode=ap-bridge name=wlan1-wifi-private ssid=\
    "WiFi [private]" wireless-protocol=802.11
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
    12345678 wpa2-pre-shared-key=12345678
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed name=hotspot supplicant-identity=""
/interface wireless
add disabled=no mac-address=E6:8D:8C:45:6F:3D master-interface=\
    wlan1-wifi-private name=wlan2-wifi-hotspot security-profile=hotspot ssid=\
    "WiFi [public]" wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip hotspot profile
add hotspot-address=10.0.0.1 login-by=http-chap,https,http-pap,trial name=\
    hs-server
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=no
add idle-timeout=1h keepalive-timeout=1h name="P20 1 Days Unlimited" \
    on-login=":if ([/system scheduler find name=\$username]=\"\") do={ /system\
    \_scheduler add name=\$username interval=1d on-event=\"/ip hotspot active \
    remove [find user=\$username]\\r\\n/ip hotspot user remove [find name=\$us\
    ername]\\r\\n/system scheduler remove [find name=\$username]\"};" \
    rate-limit=1M/1M transparent-proxy=yes
add idle-timeout=1h keepalive-timeout=1h name="P10 10 Hours Unlimited" \
    on-login=":if ([/system scheduler find name=\$username]=\"\") do={ /system\
    \_scheduler add name=\$username interval=10h on-event=\"/ip hotspot active\
    \_remove [find user=\$username]\\r\\n/ip hotspot user remove [find name=\$\
    username]\\r\\n/system scheduler remove [find name=\$username]\"};" \
    rate-limit=1M/1M transparent-proxy=yes
add idle-timeout=1h keepalive-timeout=1h name="P5 4 Hours Unlimited" \
    on-login=":if ([/system scheduler find name=\$username]=\"\") do={ /system\
    \_scheduler add name=\$username interval=4h on-event=\"/ip hotspot active \
    remove [find user=\$username]\\r\\n/ip hotspot user remove [find name=\$us\
    ername]\\r\\n/system scheduler remove [find name=\$username]\"};" \
    rate-limit=1M/1M transparent-proxy=yes
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=local-pool ranges=192.168.8.100-192.168.8.132
add name=wifi-hotspot-pool ranges=10.0.0.2-10.0.0.254
/ip dhcp-server
add add-arp=yes address-pool=local-pool disabled=no interface=bridge-local \
    name=lan-local-dhcp
add address-pool=wifi-hotspot-pool authoritative=after-2sec-delay disabled=no \
    interface=bridge-hotspot lease-time=1h name=wifi-hotspot-dhcp
/ip hotspot
add address-pool=wifi-hotspot-pool addresses-per-mac=1 disabled=no interface=\
    bridge-hotspot name=hs-server profile=hs-server
/queue type
add kind=pcq name=Lan-Local-Download pcq-classifier=dst-address \
    pcq-dst-address6-mask=64 pcq-rate=1M pcq-src-address6-mask=64
add kind=pcq name=Lan-Local-Upload pcq-classifier=src-address \
    pcq-dst-address6-mask=64 pcq-rate=1M pcq-src-address6-mask=64
add kind=pcq name=WiFi-HS-Default-Dowload pcq-classifier=dst-address \
    pcq-dst-address6-mask=64 pcq-rate=1M pcq-src-address6-mask=64
add kind=pcq name=WiFi-HS-Default-Upload pcq-classifier=src-address \
    pcq-dst-address6-mask=64 pcq-rate=1M pcq-src-address6-mask=64
/queue simple
add name=Browsing-Downloads queue=Lan-Local-Upload/Lan-Local-Download target=\
    192.168.8.0/24
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
set read policy="read,web,!local,!telnet,!ssh,!ftp,!reboot,!write,!policy,!tes\
    t,!winbox,!password,!sniff,!sensitive,!api,!romon,!dude,!tikapp"
set write policy="ftp,reboot,read,write,test,winbox,password,web,api,!local,!t\
    elnet,!ssh,!policy,!sniff,!sensitive,!romon,!dude,!tikapp"
add name=demo policy="read,web,!local,!telnet,!ssh,!ftp,!reboot,!write,!policy\
    ,!test,!winbox,!password,!sniff,!sensitive,!api,!romon,!dude,!tikapp"
/interface bridge port
add bridge=bridge-local hw=no interface=ether2
add bridge=bridge-local interface=wlan1-wifi-private
add bridge=bridge-hotspot hw=no interface=ether5
add bridge=bridge-local hw=no interface=ether4
add bridge=bridge-local hw=no interface=ether3
add bridge=bridge-hotspot interface=wlan2-wifi-hotspot
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add interface=ether2 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=wlan1-wifi-private list=discover
add interface=bridge-local list=discover
add interface=bridge-hotspot list=discover
add list=discover
add interface=ether2 list=mactel
add interface=ether3 list=mactel
add interface=ether2 list=mac-winbox
add interface=ether4 list=mactel
add interface=ether5 list=mactel
add interface=wlan1-wifi-private list=mactel
add interface=bridge-local list=mactel
add interface=ether3 list=mac-winbox
add interface=ether4 list=mac-winbox
add interface=ether5 list=mac-winbox
add interface=wlan1-wifi-private list=mac-winbox
add interface=bridge-local list=mac-winbox
add interface=ether1-WAN list=WAN
/interface pppoe-server server
add disabled=no interface=bridge-hotspot keepalive-timeout=disabled \
    one-session-per-host=yes service-name=pppoe-server
/ip address
add address=192.168.8.1/24 interface=bridge-local network=192.168.8.0
add address=10.0.0.1/24 interface=bridge-hotspot network=10.0.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1-WAN \
    use-peer-dns=no
/ip dhcp-server network
add address=10.0.0.0/24 comment="wifi hotspot" dns-server=8.8.8.8,8.8.4.4 \
    gateway=10.0.0.1 ntp-server=10.0.0.1
add address=192.168.8.0/24 comment="lan local" dns-server=192.168.8.1 \
    gateway=192.168.8.1 netmask=24 ntp-server=192.168.8.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.8.1 name=router
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=accept chain=input comment="default configuration" disabled=yes \
    protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established,related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes \
    in-interface=ether1-WAN
add action=fasttrack-connection chain=forward comment="default configuration" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment="default configuration" \
    connection-state=established,related disabled=yes
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-WAN
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=10.0.0.0/24
/ip hotspot user
add name=admin password=admin
add name=user1 profile="P20 1 Days Unlimited"
/ip hotspot walled-garden
add dst-host=*2jwifi.com
/ip smb
set domain=WORKSHOP enabled=yes
/ip smb shares
set [ find default=yes ] disabled=yes
add directory=/ max-sessions=3 name=storage
/ip smb users
add name=admin password=long read-only=no
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ppp aaa
set use-radius=yes
/ppp profile
add dns-server=192.168.12.1 local-address=192.168.12.1 name=10mbps only-one=\
    yes rate-limit=10M/10M remote-address=*4
add dns-server=192.168.12.1 local-address=192.168.12.1 name=5mbps only-one=\
    yes rate-limit=5M/5M remote-address=*4
add dns-server=192.168.12.1 local-address=192.168.12.1 name=2mbps only-one=\
    yes rate-limit=2M/2M remote-address=*4
/ppp secret
add name=user10m password=1234 profile=10mbps service=pppoe
add name=user5m password=1234 profile=5mbps service=pppoe
add name=user2m password=1234 profile=2mbps service=pppoe
/radius
add address=127.0.0.1 secret=12345678 service=login,hotspot
/system clock
set time-zone-name=Asia/Manila
/system identity
set name=JOLIMS.COM
/system leds
set 5 interface=wlan1-wifi-private
/tool graphing interface
add
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool romon port
add

Download .backup file