# 2025-12-05 12:34:34 by RouterOS 7.20.5 # software id = R71A-HA5S # # model = CCR2004-16G-2S+ # serial number = HG809N0C8R9 /interface ethernet set [ find default-name=ether1 ] disabled=yes set [ find default-name=ether2 ] disabled=yes set [ find default-name=ether3 ] disabled=yes set [ find default-name=ether4 ] disabled=yes set [ find default-name=ether5 ] disabled=yes set [ find default-name=ether6 ] disabled=yes set [ find default-name=ether7 ] disabled=yes set [ find default-name=ether8 ] disabled=yes set [ find default-name=ether9 ] disabled=yes set [ find default-name=ether10 ] disabled=yes set [ find default-name=ether11 ] disabled=yes set [ find default-name=ether12 ] disabled=yes set [ find default-name=ether13 ] disabled=yes set [ find default-name=ether14 ] disabled=yes set [ find default-name=ether15 ] disabled=yes set [ find default-name=ether16 ] disabled=yes set [ find default-name=sfp-sfpplus2 ] disabled=yes /interface vlan add interface=sfp-sfpplus1 name=0024-GERENCIA-L2 vlan-id=24 add interface=sfp-sfpplus1 name=0042-Servicos-IPv4 vlan-id=42 add interface=sfp-sfpplus1 name=0124-GERENCIA-L3 vlan-id=124 add interface=sfp-sfpplus1 name=0620-Servicos-IPv6 vlan-id=620 add interface=sfp-sfpplus1 name=2142-OSPF_B1 vlan-id=2142 add interface=sfp-sfpplus1 name=2242-OSPF_B2 vlan-id=2242 add interface=sfp-sfpplus1 name=2602-IPv4-HEXA vlan-id=2602 add interface=sfp-sfpplus1 name=vlan1441-itx-sw-hw-04 vlan-id=1441 /interface list add exclude=all include=static name=ospf-interfaces /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /ip pool add name=pool1 ranges=198.18.0.5-198.18.0.8 /ip smb users set [ find default=yes ] disabled=yes /ipv6 pool add name=pool-enlace prefix=2804:47e4:8000:1::1c/126 prefix-length=128 /port set 0 name=serial0 /ppp profile add change-tcp-mss=no local-address=10.0.24.33 name=L2TP remote-address=pool1 \ use-compression=no use-encryption=yes use-upnp=no /routing id add disabled=no id=10.0.24.33 name=OSPF select-dynamic-id=only-static /routing ospf instance add disabled=no name=ospf originate-default=never out-filter-chain=OSPF-OUT \ redistribute=connected,static router-id=OSPF routing-table=main add disabled=no name=ospfv3 originate-default=never out-filter-chain=\ OSPFv3-OUT redistribute=connected router-id=OSPF version=3 /routing ospf area add disabled=no instance=ospf name=ospf-area-0 add disabled=no instance=ospfv3 name=ospfv3-area-0 /snmp community set [ find default=yes ] addresses=10.0.0.0/8 name=ctcorp-lan /system logging action add name=Gray remote=10.0.24.69 remote-log-format=syslog src-address=\ 10.0.24.33 target=remote /ip smb set enabled=no /ip firewall connection tracking set enabled=yes udp-timeout=10s /ip neighbor discovery-settings set discover-interface-list=all /ip settings set max-neighbor-entries=8192 /ipv6 settings set max-neighbor-entries=8192 soft-max-neighbor-entries=8191 /interface l2tp-server server set allow-fast-path=yes authentication=chap,mschap1,mschap2 default-profile=\ L2TP enabled=yes keepalive-timeout=60 l2tpv3-ether-interface-list=all \ max-mru=1480 max-mtu=1480 one-session-per-host=yes use-ipsec=yes /interface list member add interface=2142-OSPF_B1 list=ospf-interfaces add interface=2242-OSPF_B2 list=ospf-interfaces /interface ovpn-server server add mac-address=FE:6F:8A:36:83:70 name=ovpn-server1 /ip address add address=10.0.24.33/24 interface=0024-GERENCIA-L2 network=10.0.24.0 add address=10.1.21.42/30 interface=2142-OSPF_B1 network=10.1.21.40 add address=10.1.22.42/30 interface=2242-OSPF_B2 network=10.1.22.40 add address=45.228.246.97/27 comment="### 246.97 - Gateway-042" interface=\ 0042-Servicos-IPv4 network=45.228.246.96 add address=10.1.24.33/24 interface=0124-GERENCIA-L3 network=10.1.24.0 add address=45.228.246.31 interface=lo network=45.228.246.31 add address=45.228.246.16 interface=lo network=45.228.246.16 add address=10.0.5.9/30 interface=vlan1441-itx-sw-hw-04 network=10.0.5.8 add address=45.228.246.64 comment=IPv4-pub-NAT-HEXA interface=lo network=\ 45.228.246.64 add address=10.95.200.1/24 comment=IPv4-priv-NAT-HEXA interface=\ 2602-IPv4-HEXA network=10.95.200.0 /ip cloud set update-time=no /ip dns set servers=45.228.246.122,45.228.244.121 /ip firewall address-list add address=45.228.244.4 list=CONFIAVEIS add address=45.228.246.4 list=CONFIAVEIS add address=10.1.24.0/24 list=CONFIAVEIS add address=10.0.24.0/24 list=CONFIAVEIS add address=10.25.0.0/18 list=CONFIAVEIS add address=45.228.244.8/29 list=CONFIAVEIS add address=45.228.244.96/27 list=CONFIAVEIS add address=45.228.246.96/27 list=CONFIAVEIS add address=100.64.0.0/10 list=CONFIAVEIS add address=10.64.69.0/30 list=CONFIAVEIS add address=45.228.244.121 list=DNS-SERVERs add address=45.228.246.122 list=DNS-SERVERs add address=45.228.244.101 list=DNS-SERVERs add address=45.228.246.102 list=DNS-SERVERs add address=45.228.246.100 list=DNS-SERVERs add address=45.228.244.8/29 list=0030-SERVIDORES add address=45.228.244.96/27 list=SERVIDORES add address=45.228.246.96/27 list=SERVIDORES add address=10.25.0.25 list=GeniACS add address=45.228.246.105 list=GeniACS add address=45.228.245.0/24 list=ACS-CPEs add address=45.228.247.0/24 list=ACS-CPEs add address=10.25.0.0/18 list=ACS-CPEs add address=198.18.0.8 list=POOL-GERENCIA add address=198.18.0.7 list=POOL-GERENCIA add address=198.18.0.6 list=POOL-GERENCIA add address=198.18.0.5 list=POOL-GERENCIA add address=10.0.24.0/24 list=LOCAL-VPN-NAT add address=198.18.0.4/30 list=LOCAL-VPN-NAT add address=45.228.244.0/22 list=BLOCO-FIX add address=45.228.244.4 list=ACPT-INPUT add address=10.1.24.0/24 list=ACPT-INPUT add address=45.228.246.4 list=ACPT-INPUT add address=10.0.24.0/24 list=ACPT-INPUT add address=10.1.21.32/30 list=ACPT-INPUT add address=10.1.22.32/30 list=ACPT-INPUT add address=10.25.0.0/18 list=ACPT-INPUT add address=45.228.244.8/29 list=ACPT-INPUT add address=45.228.244.96/27 list=ACPT-INPUT add address=10.0.5.4/30 list=ACPT-INPUT add address=45.228.244.96/27 list=zabbix-agent add address=45.228.246.96/27 list=zabbix-agent add address=45.228.244.101 list=CWPs add address=45.228.246.102 list=CWPs add address=10.95.200.0/24 list=LAN-HEXA /ip firewall filter add action=fasttrack-connection chain=forward connection-state=\ established,related hw-offload=yes add action=accept chain=forward connection-state=established,related add action=accept chain=forward comment="Permit - ICMP Protocol" disabled=yes \ protocol=icmp add action=accept chain=forward comment="Permit - DNS REVERSO" disabled=yes \ dst-address=45.228.246.100 dst-port=53 protocol=tcp add action=accept chain=forward comment="Permit - DNS REVERSO" disabled=yes \ dst-address=45.228.246.100 dst-port=53 protocol=udp add action=accept chain=forward comment="Permit - acs - 7547 tcp" disabled=\ yes dst-address=45.228.246.105 dst-port=7547 protocol=tcp add action=accept chain=forward comment="Permit - Upload SRC" disabled=yes \ src-address-list=CONFIAVEIS add action=accept chain=forward comment="Permit - DNS (TCP)" disabled=yes \ dst-address-list=DNS-SERVERs dst-port=53 protocol=tcp src-address-list=\ CONFIAVEIS add action=accept chain=forward comment="Permit - DNS (UDP)" disabled=yes \ dst-address-list=DNS-SERVERs dst-port=53 protocol=udp src-address-list=\ CONFIAVEIS add action=accept chain=forward comment="Permit - NTPSec (UDP)" disabled=yes \ dst-address-list=DNS-SERVERs dst-port=123 protocol=udp src-address-list=\ CONFIAVEIS add action=accept chain=forward comment="Permit - HTTPs (TCP)" disabled=yes \ dst-address-list=SERVIDORES dst-port=80,443 protocol=tcp add action=accept chain=forward comment="Permit - HTTPs (UDP)" disabled=yes \ dst-address-list=SERVIDORES dst-port=80,443 protocol=udp add action=accept chain=forward comment="Permit - Servicos (TCP)" disabled=\ yes dst-address-list=SERVIDORES dst-port=3000,3001,8443,8080 protocol=tcp add action=accept chain=forward comment="Permit - Servicos (UDP)" disabled=\ yes dst-address-list=SERVIDORES dst-port=3000,3001,8443,8080 protocol=udp add action=accept chain=forward comment="Permit - Servicos" disabled=yes \ dst-address-list=SERVIDORES src-address-list=SERVIDORES add action=accept chain=forward comment="Permit - Radios" disabled=yes \ in-interface=*16 add action=accept chain=forward comment="Permit - Radios" disabled=yes \ out-interface=*16 add action=accept chain=forward comment="Permit - OpaSuite (exception)" \ disabled=yes dst-address=45.228.246.98 add action=accept chain=input comment="Permit - Estab and Related" \ connection-state=established,related disabled=yes add action=accept chain=input comment="Permit - ICMP" disabled=yes protocol=\ icmp add action=accept chain=input comment="Permit - OSPF Protocol" disabled=yes \ in-interface-list=ospf-interfaces protocol=ospf add action=accept chain=input comment="Permit - IPsec Ports" disabled=yes \ dst-port=500,1701,4500 protocol=udp add action=accept chain=input comment="Permit - IPsec Protocol" disabled=yes \ protocol=ipsec-esp add action=accept chain=input comment="Permit - L2TP Protocol" disabled=yes \ protocol=l2tp add action=accept chain=input comment="Permit - Winbox Service" disabled=yes \ dst-port=8292 protocol=tcp src-address-list=ACPT-INPUT add action=accept chain=input comment="Permit - Trusted" disabled=yes \ src-address-list=ACPT-INPUT add action=accept chain=forward disabled=yes dst-address-list=CWPs add action=drop chain=forward disabled=yes log-prefix=drop-all- add action=drop chain=input disabled=yes /ip firewall nat add action=src-nat chain=srcnat comment=\ "NAT DA VPN PARA ACESSO A GERENCIA 10.0.24.0/24" disabled=yes \ dst-address=10.0.24.0/24 src-address-list=POOL-GERENCIA to-addresses=\ 10.0.24.33 add action=src-nat chain=srcnat comment="SRC-NAT-HEXA - 45.228.246.64" \ src-address-list=LAN-HEXA to-addresses=45.228.246.64 add action=src-nat chain=srcnat comment="DEFAULT NAT - 246.31" dst-address=\ !10.0.0.0/8 dst-address-list=!SERVIDORES protocol=!ospf src-address=\ 10.0.24.0/24 to-addresses=45.228.246.31 add action=src-nat chain=srcnat comment="## regra UPDATE" disabled=yes \ dst-address-list=!POOL-GERENCIA protocol=!ospf to-addresses=45.228.246.31 /ip firewall service-port set ftp disabled=yes set tftp disabled=yes set h323 disabled=yes set sip disabled=yes set pptp disabled=yes /ip ipsec profile set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 /ip route add blackhole comment="## Rota em Blackhole" disabled=no distance=255 \ dst-address=45.228.246.64/27 gateway="" pref-src="" routing-table=main \ scope=30 suppress-hw-offload=no target-scope=10 add blackhole comment="## Rota em Blackhole" disabled=no distance=255 \ dst-address=45.228.246.16/28 gateway="" pref-src="" routing-table=main \ scope=30 suppress-hw-offload=no target-scope=10 add disabled=no distance=210 dst-address=0.0.0.0/0 gateway=10.1.22.41 \ pref-src="" routing-table=main scope=20 suppress-hw-offload=no \ target-scope=10 /ipv6 route add disabled=no distance=200 dst-address=::/0 gateway=2804:47e4:8000:1::21 \ routing-table=main scope=30 target-scope=10 add disabled=yes distance=20 dst-address=::/0 gateway=2804:47e4:8000:1::19 \ routing-table=main scope=30 suppress-hw-offload=no target-scope=10 /ip service set ftp disabled=yes set ssh disabled=yes set telnet disabled=yes set www disabled=yes set winbox address=45.228.244.0/22,10.0.0.0/8,198.18.0.0/30,2804:47e4::/32 \ port=8292 set api disabled=yes set api-ssl disabled=yes /ip smb shares set [ find default=yes ] directory=/pub /ip traffic-flow set active-flow-timeout=5m cache-entries=64k interfaces=2142-OSPF_B1 /ip traffic-flow target add dst-address=10.0.24.128 port=9996 src-address=10.0.24.24 version=5 add dst-address=10.0.24.128 port=9996 src-address=10.0.24.24 version=5 /ip upnp set enabled=yes /ip upnp interfaces add interface=*16 type=internal add interface=2142-OSPF_B1 type=external /ipv6 address add address=2804:47e4:8002::33 advertise=no comment=\ "# Desativar o Advertase e depois desativar ND | BUG com Firewall" \ interface=0620-Servicos-IPv6 add address=2804:47e4:8000:1::22/126 advertise=no interface=2242-OSPF_B2 add address=2804:47e4:0:1::22/126 advertise=no interface=2142-OSPF_B1 add address=2804:47e4:8000:1::1a/126 advertise=no disabled=yes interface=\ 2602-IPv4-HEXA add address=2804:47e4:8002:2601::33 advertise=no comment="## LAN SAGE" \ disabled=yes interface=lo /ipv6 firewall address-list add address=2804:47e4::/32 list=FIX-MeuBloco add address=2804:47e4:1::/64 list=AL-ACPT-SERVICOS add address=2804:47e4:1::141/128 list=ACL-hosepdage add address=2804:47e4:8002::142/128 list=ACL-hosepdage add address=2804:47e4:1::125/128 list=ACL-hosepdage add address=2804:47e4:8002::/64 list=AL-ACPT-SERVICOS add address=2804:47e4:1::122/128 list=ACL-hosepdage add address=2804:47e4::/32 list=CONFIAVEIS add address=2804:47e4:8002::/64 list=SERVIDORES add address=2804:47e4:1::/64 list=SERVIDORES add address=2804:47e4:1::120/128 list=DNS-SERVER add address=2804:47e4:8002::124/128 list=DNS-SERVER add address=2804:47e4:0:1::22/128 list=INPUT-OSPFv3 add address=2804:47e4:8000:1::22/128 list=INPUT-OSPFv3 add address=2804:47e4:8002::7777/128 list=ACL-hosepdage add address=2804:47e4:8002::230/128 list=DNS-SERVER add address=2804:47e4:8002::110/128 list=ACL-hosepdage add address=2804:47e4:8002::228/128 list=ACL-hosepdage add address=2804:47e4:8002::145/128 list=ACL-hosepdage add address=2804:47e4:8002::15/128 disabled=yes list=ACL-hosepdage add address=2804:47e4:1::141/128 list=CWPs add address=2804:47e4:8002::142/128 list=CWPs /ipv6 firewall filter add action=accept chain=input comment=ICMPV6 protocol=icmpv6 add action=accept chain=forward comment="Permit - Established, related" \ connection-state=established,related add action=accept chain=forward comment="Permit - ICMPv6" protocol=icmpv6 add action=accept chain=input comment="Permit - input - estab, related" \ connection-state=established,related add action=accept chain=input comment="Permit - OSPFv3" in-interface-list=\ ospf-interfaces protocol=ospf add action=accept chain=input comment="Permit - Link Local" src-address=\ fe80::/10 add action=accept chain=forward comment="Permit - Upload" src-address-list=\ FIX-MeuBloco add action=accept chain=forward comment="Permit - All (excecao)" \ dst-address-list=ACL-hosepdage add action=accept chain=forward comment=IXC dst-address=\ 2804:47e4:8002::15/128 dst-port=80,443 protocol=tcp add action=accept chain=forward comment=IXC dst-address=\ 2804:47e4:8002::15/128 dst-port=80,443 protocol=udp add action=accept chain=forward comment="Permit - REVERSO" dst-address=\ 2804:47e4:8002::230/128 dst-port=53 protocol=udp add action=accept chain=forward comment="Permit - REVERSO" dst-address=\ 2804:47e4:8002::230/128 dst-port=53 protocol=tcp add action=accept chain=forward comment="Permit - Servicos (all)" \ dst-address-list=AL-ACPT-SERVICOS src-address-list=AL-ACPT-SERVICOS add action=accept chain=forward comment="Permit - DNS (udp)" \ dst-address-list=DNS-SERVER dst-port=53 protocol=udp src-address-list=\ FIX-MeuBloco add action=accept chain=forward comment="Permit - DNS (tcp)" \ dst-address-list=DNS-SERVER dst-port=53 protocol=tcp src-address-list=\ FIX-MeuBloco add action=accept chain=forward comment="Permit - WebServer (udp)" \ dst-address-list=SERVIDORES dst-port=443,3000,3001,8080,8443,8880 \ protocol=udp add action=accept chain=forward comment="Permit - WebServer (tcp)" \ dst-address-list=SERVIDORES dst-port=443,3000,3001,8080,8443,8880 \ protocol=tcp add action=accept chain=input comment="Permit - Winbox" dst-port=8292 \ protocol=tcp src-address-list=FIX-MeuBloco add action=accept chain=input comment="Permit - SSH" dst-port=9022 protocol=\ tcp src-address-list=FIX-MeuBloco add action=accept chain=input comment="Permit - SSH" dst-address=\ 2804:47e4:8002::f120/128 dst-port=9022 protocol=tcp add action=accept chain=forward comment="Permit - CWP" dst-address-list=CWPs add action=drop chain=input comment=drop-input add action=drop chain=forward comment="drop - All" log-prefix=dropv6- /ipv6 nd set [ find default=yes ] advertise-dns=no disabled=yes \ managed-address-configuration=yes other-configuration=yes ra-preference=\ low add advertise-dns=no interface=0620-Servicos-IPv6 \ managed-address-configuration=yes add advertise-dns=no interface=2142-OSPF_B1 managed-address-configuration=yes add advertise-dns=no interface=2242-OSPF_B2 managed-address-configuration=yes /ppp secret add name=andrefix profile=L2TP service=l2tp add name=danielfix profile=L2TP service=l2tp add name=otaviofix profile=L2TP service=l2tp /radius add address=10.0.24.24 disabled=yes require-message-auth=no service=login \ timeout=300ms add address=10.0.24.24 disabled=yes require-message-auth=no service=login \ timeout=300ms /routing bfd configuration add disabled=yes interfaces=all min-rx=200us min-tx=200us multiplier=5 add disabled=yes interfaces=all min-rx=200us min-tx=200us multiplier=5 /routing filter rule add chain=OSPF-OUT disabled=no rule=\ "if (dst in 45.228.246.96/27 && dst-len > 27) {reject} else {accept}" add chain=OSPF-OUT disabled=no rule=\ "if (dst in 45.228.246.64/27 && dst-len > 27) {reject} else {accept}" add chain=OSPF-OUT disabled=no rule=\ "if (dst in 45.228.246.16/28 && dst-len > 28) {reject} else {accept}" add chain=OSPFv3-OUT disabled=no rule=\ "if (dst in 2804:47e4:8002::/48 && dst-len > 48) {reject} else {accept}" /routing ospf area range add area=ospf-area-0 disabled=no prefix=45.228.246.96/27 add area=ospfv3-area-0 disabled=no prefix=2804:47e4:8002::/64 add area=ospf-area-0 disabled=no prefix=45.228.246.64/27 /routing ospf interface-template add area=ospf-area-0 auth=md5 auth-id=1 cost=20 disabled=no interfaces=\ 2242-OSPF_B2 networks=10.1.22.40/30 priority=1 type=ptp add area=ospf-area-0 auth=md5 auth-id=1 cost=100 disabled=no interfaces=\ 2142-OSPF_B1 networks=10.1.21.40/30 priority=1 type=ptp add area=ospfv3-area-0 cost=20 disabled=no interfaces=2242-OSPF_B2 networks=\ 2804:47e4:8000:1::22/126 priority=1 type=ptp add area=ospfv3-area-0 cost=100 disabled=no interfaces=2142-OSPF_B1 networks=\ 2804:47e4:0:1::22/126 priority=1 type=ptp add area=ospf-area-0 disabled=no interfaces=all passive add area=ospfv3-area-0 disabled=no interfaces=all passive /snmp set contact="FIX FIBRA" enabled=yes location=\ "\"R. Antonio Dias Adorno, 375,Diadema,SP,BR\"" trap-version=2 /system clock set time-zone-name=America/Sao_Paulo /system identity set name=NAT02-CCR2004 /system logging add action=echo disabled=yes prefix=snmp_ topics=debug,snmp add action=Gray disabled=yes prefix=snmp_ topics=debug,snmp add action=Gray prefix=CRI topics=critical add action=Gray prefix=BK topics=backup add action=Gray prefix=INFO topics=info add action=Gray prefix=WARM topics=warning /system note set show-at-login=no /system ntp client set enabled=yes /system ntp client servers add address=10.0.24.120 add address=10.0.24.124 /system routerboard settings set enter-setup-on=delete-key /system scheduler add comment="Crodar dia 25/01 as 3 da manha" name=Atualizacao on-event=\ "/system reboot" policy=reboot start-date=2025-03-11 start-time=03:00:00 /system script add dont-require-permissions=no name=backupSFTP owner=otaviofix policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\ log warning \"***************************************\"\ \n#Conexao SFTP\ \n\ \n:global host 10.1.24.137\ \n:global usuario backups\ \n:global senha backups@fixfibra2@\ \n:global diretorio /SFTP/backups/mikrotik/router/CGNAT02\ \n\ \n#Pega o nome do Router\ \n\ \n:global identifica [/system identity get name]\ \n\ \n#Gera data no formato AAAA-MM-DD\ \n\ \n:global data [/system clock get date]\ \n:global ano [:pick \$data 0 4]\ \n:global mes [:pick \$data 5 7]\ \n:global dia [:pick \$data 8 10]\ \n\ \n:log info \"Gerando backup: \$dia-\$mes-\$ano.\$identifica.backup\";\ \n/system backup save name=\"\$dia-\$mes-\$ano.\$identifica\";\ \n:log info \"Gerando export: \$dia-\$mes-\$ano.\$identifica.rsc\";\ \n/export file=\"\$dia-\$mes-\$ano.\$identifica\"\ \n:log info \"Processando...\";\ \n:delay 5s\ \n\ \n:log info \"Conectando SFTP Server...\";\ \n:log info \"Enviando Backup [\$dia-\$mes-\$ano.\$identifica.backup] ...\ \";\ \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.bac\ kup\" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sf\ tp dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.backup\"\ \n:log info \"Enviando Export [\$dia-\$mes-\$ano.\$identifica.rsc] ...\";\ \n/tool fetch address=\$host src-path=\"\$dia-\$mes-\$ano.\$identifica.rsc\ \" user=\"\$usuario\" password=\"\$senha\" port=9022 upload=yes mode=sftp \ dst-path=\"\$diretorio/\$dia-\$mes-\$ano.\$identifica.rsc\"\ \n:delay 1\ \n\ \n:log info \"Backup enviado com sucesso...\";\ \n:log info \"Removendo arquivos...\";\ \n/file remove \"\$dia-\$mes-\$ano.\$identifica.backup\"\ \n/file remove \"\$dia-\$mes-\$ano.\$identifica.rsc\"\ \n:log info \"Rotina de backup finalizada...\";\ \n:log warning \"***************************************\";\ \n" /tool bandwidth-server set enabled=no /tool mac-server set allowed-interface-list=none /tool mac-server mac-winbox set allowed-interface-list=none /tool mac-server ping set enabled=no /tool romon set enabled=yes /user aaa set use-radius=yes