607 lines
30 KiB
Plaintext
607 lines
30 KiB
Plaintext
# 2025-12-05 11:18:56 by RouterOS 7.20.5
|
|
# software id = HSR5-2Z4K
|
|
#
|
|
# model = RB4011iGS+
|
|
# serial number = D4440C82B0CE
|
|
/interface ethernet
|
|
set [ find default-name=ether1 ] name=ether1-PoEIN
|
|
set [ find default-name=ether2 ] disabled=yes
|
|
set [ find default-name=ether3 ] disabled=yes
|
|
set [ find default-name=ether4 ] disabled=yes
|
|
set [ find default-name=ether5 ] disabled=yes
|
|
set [ find default-name=ether6 ] disabled=yes
|
|
set [ find default-name=ether7 ] disabled=yes
|
|
set [ find default-name=ether8 ] disabled=yes
|
|
set [ find default-name=ether10 ] name=ether10-PoE-Out poe-out=off
|
|
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no comment=\
|
|
"Sede x DataCom"
|
|
/interface vlan
|
|
add interface=sfp-sfpplus1 name=vlanif_13 vlan-id=13
|
|
add interface=sfp-sfpplus1 name=vlanif_24 vlan-id=24
|
|
add interface=sfp-sfpplus1 name=vlanif_26 vlan-id=26
|
|
add interface=sfp-sfpplus1 name=vlanif_69 vlan-id=69
|
|
add interface=sfp-sfpplus1 name=vlanif_70 vlan-id=70
|
|
add interface=sfp-sfpplus1 name=vlanif_71 vlan-id=71
|
|
add interface=sfp-sfpplus1 name=vlanif_72 vlan-id=72
|
|
add interface=sfp-sfpplus1 name=vlanif_124 vlan-id=124
|
|
add comment=uplink-vs01-IPv6 interface=sfp-sfpplus1 name=vlanif_199 vlan-id=\
|
|
199
|
|
add comment=uplink-vs02-IPv4 interface=sfp-sfpplus1 name=vlanif_299 vlan-id=\
|
|
299
|
|
/interface list
|
|
add comment=defconf name=WAN
|
|
add comment=defconf name=LAN
|
|
/ip pool
|
|
add name=069_SEDE_ADM ranges=192.168.0.50-192.168.0.220
|
|
add name=070_pool_TI_NOC ranges=192.168.70.50-192.168.70.100
|
|
add name=071_REDE_CELULARES ranges=192.168.71.50-192.168.71.200
|
|
add name=013-iOT-30-99 ranges=10.0.13.30-10.0.13.99
|
|
add name=013-iOT-150-199 ranges=10.0.13.150-10.0.13.199
|
|
add name=072-Hotspot-Unifi ranges=192.168.72.50-192.168.72.200
|
|
/ip dhcp-server
|
|
add address-pool=069_SEDE_ADM interface=vlanif_69 lease-time=1w name=\
|
|
069_SEDE_FIX
|
|
add address-pool=070_pool_TI_NOC interface=vlanif_70 lease-time=1w name=\
|
|
070_DHCP_TI_NOC
|
|
add address-pool=071_REDE_CELULARES disabled=yes interface=vlanif_71 \
|
|
lease-time=8h name=071_DHCP_SEDE_OUTROS
|
|
add add-arp=yes address-pool=013-iOT-30-99 interface=vlanif_13 lease-time=8h \
|
|
name=013-iOT
|
|
add add-arp=yes address-pool=072-Hotspot-Unifi interface=vlanif_72 \
|
|
lease-time=2h name=072-DHCP-HOTSPOT
|
|
/ipv6 pool
|
|
add name=v6_pool_LAN prefix=2804:47e4:8c0:3000::/52 prefix-length=64
|
|
add name=v6_pool_LAN_NOC prefix=2804:47e4:8c0:1000::/52 prefix-length=64
|
|
add name=v6_pool_LAN_CELULARES prefix=2804:47e4:8c0:2000::/52 prefix-length=\
|
|
64
|
|
add name=v6_pool_013_iot prefix=2804:47e4:8c0:4000::/52 prefix-length=64
|
|
/port
|
|
set 0 name=serial0
|
|
set 1 name=serial1
|
|
/ppp profile
|
|
add change-tcp-mss=no local-address=192.168.70.2 name=L2TP_NOC \
|
|
remote-address=070_pool_TI_NOC remote-ipv6-prefix-pool=v6_pool_LAN_NOC \
|
|
use-compression=no use-encryption=yes use-mpls=no use-upnp=no
|
|
add change-tcp-mss=no local-address=192.168.0.2 name=L2TP rate-limit=\
|
|
15MB/15MB remote-address=069_SEDE_ADM remote-ipv6-prefix-pool=v6_pool_LAN \
|
|
use-compression=no use-encryption=yes use-mpls=no use-upnp=no
|
|
/snmp community
|
|
set [ find default=yes ] name=ctcorp-lan
|
|
/system logging action
|
|
add name=Gray remote=10.0.24.69 remote-log-format=syslog src-address=\
|
|
10.0.24.23 target=remote
|
|
/disk settings
|
|
set auto-media-interface=*D auto-media-sharing=yes auto-smb-sharing=yes
|
|
/ip firewall connection tracking
|
|
set enabled=yes tcp-established-timeout=12h udp-timeout=10s
|
|
/ip neighbor discovery-settings
|
|
set discover-interface-list=!dynamic
|
|
/interface l2tp-server server
|
|
set allow-fast-path=yes default-profile=L2TP enabled=yes keepalive-timeout=\
|
|
disabled max-mru=1500 max-mtu=1500 use-ipsec=required
|
|
/ip address
|
|
add address=10.0.24.23/24 interface=vlanif_24 network=10.0.24.0
|
|
add address=192.168.0.2/24 interface=vlanif_69 network=192.168.0.0
|
|
add address=10.0.13.23/24 interface=vlanif_13 network=10.0.13.0
|
|
add address=172.31.32.22/30 comment="Enlace B2" interface=vlanif_299 network=\
|
|
172.31.32.20
|
|
add address=172.31.31.22/30 comment="Enlace B1" interface=vlanif_199 network=\
|
|
172.31.31.20
|
|
add address=10.1.24.23/24 interface=vlanif_124 network=10.1.24.0
|
|
add address=192.168.70.2/24 interface=vlanif_70 network=192.168.70.0
|
|
add address=192.168.100.2/24 interface=vlanif_71 network=192.168.100.0
|
|
add address=45.228.244.4 interface=lo network=45.228.244.4
|
|
add address=45.228.246.4 interface=lo network=45.228.246.4
|
|
add address=10.0.26.23/24 interface=vlanif_26 network=10.0.26.0
|
|
add address=192.168.72.2/24 comment="GATEWAY HOTSPOT UNFI" interface=\
|
|
vlanif_72 network=192.168.72.0
|
|
add address=10.0.70.1/30 comment=fiore-teste interface=*1C network=10.0.70.0
|
|
add address=10.0.70.1/30 interface=*1D network=10.0.70.0
|
|
/ip arp
|
|
add address=10.0.13.95 comment=P2-SensorDeFase-Preta interface=vlanif_13 \
|
|
mac-address=18:DE:50:A4:6A:F6
|
|
add address=192.168.0.78 interface=vlanif_69 mac-address=98:E5:5B:1F:D5:C4
|
|
/ip cloud
|
|
set update-time=no
|
|
/ip dhcp-client
|
|
# Interface not active
|
|
add comment=defconf interface=ether1-PoEIN
|
|
/ip dhcp-server lease
|
|
add address=192.168.0.5 client-id=1:44:3b:32:52:67:5 comment=DVR mac-address=\
|
|
44:3B:32:52:67:05 server=069_SEDE_FIX
|
|
add address=192.168.0.7 client-id=1:dc:a6:32:99:e5:ac comment="TV NOC" \
|
|
mac-address=DC:A6:32:99:E5:AC server=069_SEDE_FIX
|
|
add address=192.168.0.9 client-id=1:c:96:e6:22:6a:9c comment="impressroa hp" \
|
|
mac-address=0C:96:E6:22:6A:9C server=069_SEDE_FIX
|
|
add address=192.168.0.12 comment="Impressora XEROX" mac-address=\
|
|
9C:93:4E:6D:39:E1 server=069_SEDE_FIX
|
|
add address=192.168.0.24 client-id=1:0:c:29:a8:3d:34 comment=\
|
|
"Servidor microsfot" mac-address=00:0C:29:A8:3D:34 server=069_SEDE_FIX
|
|
add address=192.168.0.41 client-id=1:24:52:6a:45:7:1 comment="NVR da SEDE" \
|
|
mac-address=24:52:6A:45:07:01 server=069_SEDE_FIX
|
|
add address=192.168.0.20 comment="#SW_2_andar - AP refeitorio" mac-address=\
|
|
00:00:00:00:00:20 server=069_SEDE_FIX
|
|
add address=192.168.0.105 client-id=1:44:3b:32:86:2d:7e comment=\
|
|
"CAMERA ESTOQUE" mac-address=44:3B:32:86:2D:7E server=069_SEDE_FIX
|
|
add address=192.168.0.97 client-id=1:b2:68:a6:2d:65:d5 mac-address=\
|
|
B2:68:A6:2D:65:D5 server=069_SEDE_FIX
|
|
add address=192.168.0.194 client-id=1:0:26:8b:a:92:ea comment=\
|
|
"TELEFONE IP CAROL" mac-address=00:26:8B:0A:92:EA server=069_SEDE_FIX
|
|
add address=192.168.0.6 comment="TARCILA - LDAP FS" mac-address=\
|
|
00:50:56:80:31:63 server=069_SEDE_FIX
|
|
add address=192.168.0.8 comment="PrintServer - OpenAudit" mac-address=\
|
|
00:00:00:00:00:03 server=069_SEDE_FIX
|
|
add address=192.168.0.11 comment="Impressora RICOH" mac-address=\
|
|
00:26:73:8D:9E:F3 server=069_SEDE_FIX
|
|
add address=192.168.0.17 comment="Nextcloud - FIX" mac-address=\
|
|
00:00:00:00:00:17 server=069_SEDE_FIX
|
|
add address=192.168.0.16 comment="REBECA - WIKI" mac-address=\
|
|
00:00:00:00:00:16 server=069_SEDE_FIX
|
|
add address=192.168.0.10 comment="Impressora RICOH" mac-address=\
|
|
00:00:00:00:00:10 server=069_SEDE_FIX
|
|
add address=192.168.0.99 client-id=1:d8:36:5f:40:5:4f comment="CAMERA PIA" \
|
|
mac-address=D8:36:5F:40:05:4F server=069_SEDE_FIX
|
|
add address=192.168.0.163 comment="### ALAMR INTEBRAS" mac-address=\
|
|
48:51:CF:DE:5E:11 server=069_SEDE_FIX
|
|
add address=192.168.0.50 client-id=1:bc:32:5f:f4:f6:82 mac-address=\
|
|
BC:32:5F:F4:F6:82 server=069_SEDE_FIX
|
|
add address=192.168.70.99 client-id=1:84:7b:57:e7:91:77 mac-address=\
|
|
84:7B:57:E7:91:77 server=070_DHCP_TI_NOC
|
|
add address=192.168.0.73 client-id=1:74:e5:f9:94:97:15 mac-address=\
|
|
74:E5:F9:94:97:15 server=069_SEDE_FIX
|
|
add address=192.168.0.202 client-id=1:7c:5c:f8:24:6f:fd mac-address=\
|
|
7C:5C:F8:24:6F:FD server=069_SEDE_FIX
|
|
add address=192.168.0.140 client-id=1:5c:cd:5b:d9:cc:b3 mac-address=\
|
|
5C:CD:5B:D9:CC:B3 server=069_SEDE_FIX
|
|
add address=10.0.13.181 client-id=1:dc:a6:32:99:e5:ac comment=\
|
|
"SEDE - Raspberry Pi" mac-address=DC:A6:32:99:E5:AC server=013-iOT
|
|
add address=192.168.0.61 client-id=1:74:e5:f9:3c:38:40 mac-address=\
|
|
74:E5:F9:3C:38:40 server=069_SEDE_FIX
|
|
add address=10.0.13.32 comment="SEDE - Sensor de temperatura" mac-address=\
|
|
FC:F5:C4:AB:4C:8A server=013-iOT
|
|
add address=10.0.13.39 comment="P4 - Ar condcionado" mac-address=\
|
|
1C:39:29:24:FC:BB server=013-iOT
|
|
add address=10.0.13.40 comment="P2 - Ar condcionado" mac-address=\
|
|
1C:39:29:03:FB:B4 server=013-iOT
|
|
add address=10.0.13.49 comment="SEDE - AR - Atendimento2" mac-address=\
|
|
1C:39:29:7F:A3:1A server=013-iOT
|
|
add address=10.0.13.50 comment="SEDE - AR - Atendimento1" mac-address=\
|
|
1C:39:29:7E:E2:53 server=013-iOT
|
|
add address=192.168.0.13 comment=CASAOS mac-address=00:00:00:00:00:13 server=\
|
|
069_SEDE_FIX
|
|
add address=10.0.13.96 comment=P1-F.VERMELHA mac-address=18:DE:50:38:BC:8E \
|
|
server=013-iOT
|
|
add address=10.0.13.93 comment="SEDE - IR-AC-ADM" mac-address=\
|
|
1C:90:FF:8E:95:83 server=013-iOT
|
|
add address=10.0.13.44 comment="P1 - Ar condcionado" mac-address=\
|
|
1C:39:29:15:78:F3 server=013-iOT
|
|
add address=10.0.13.57 comment="P4 - Ar condcionado 2" mac-address=\
|
|
1C:39:29:BD:44:49 server=013-iOT
|
|
add address=10.0.13.94 comment=P4-ALARME mac-address=44:3B:32:5A:CD:AC \
|
|
server=013-iOT
|
|
add address=10.0.13.51 comment=P4-F.VERMELHA mac-address=18:DE:50:AF:BF:85 \
|
|
server=013-iOT
|
|
add address=192.168.0.134 client-id=1:84:7b:57:e7:91:27 mac-address=\
|
|
84:7B:57:E7:91:27 server=069_SEDE_FIX
|
|
add address=10.0.13.35 comment=P3-F.VERMELHA mac-address=18:DE:50:A4:6E:9E \
|
|
server=013-iOT
|
|
add address=192.168.0.18 comment="NC container - PROXY" mac-address=\
|
|
00:00:00:00:00:18 server=069_SEDE_FIX
|
|
add address=10.0.13.97 comment=P2-F.VERMELHA mac-address=18:DE:50:AF:BE:27 \
|
|
server=013-iOT
|
|
add address=10.0.13.95 comment=P2-F.PRETA mac-address=18:DE:50:A4:6A:F6 \
|
|
server=013-iOT
|
|
add address=10.0.13.99 comment=P2-ALARME mac-address=30:E1:F1:A3:18:D9 \
|
|
server=013-iOT
|
|
add address=10.0.13.45 comment=P4-SONOFF mac-address=18:DE:50:A6:94:67 \
|
|
server=013-iOT
|
|
add address=10.0.13.36 comment=P3-F.PRETA mac-address=18:DE:50:A4:76:95 \
|
|
server=013-iOT
|
|
add address=10.0.13.56 comment=P4-F.PRETA mac-address=18:DE:50:A4:64:A7 \
|
|
server=013-iOT
|
|
add address=10.0.13.53 comment=P1-F.PRETA mac-address=18:DE:50:0A:CC:20 \
|
|
server=013-iOT
|
|
add address=10.0.13.54 comment=P1-PRETA-SABESP mac-address=18:DE:50:38:C1:44 \
|
|
server=013-iOT
|
|
add address=10.0.13.55 comment=P1-VERMELHA-SABESP mac-address=\
|
|
18:DE:50:38:C7:AF server=013-iOT
|
|
add address=10.0.13.52 comment=SEDE-FECHADURA-ESTOQUE mac-address=\
|
|
D8:1F:12:39:DE:F3 server=013-iOT
|
|
add address=10.0.13.41 comment=P4-TEMP-RACK mac-address=50:8B:B9:5E:39:84 \
|
|
server=013-iOT
|
|
add address=10.0.13.42 comment=P4-TEMP-GERADOR mac-address=1C:90:FF:F0:B7:E6 \
|
|
server=013-iOT
|
|
add address=10.0.13.58 comment=P1-TEMP-RACK mac-address=A8:80:55:18:AC:13 \
|
|
server=013-iOT
|
|
add address=10.0.13.34 comment=P4-TEMP_BATERIA mac-address=50:8B:B9:30:B6:26 \
|
|
server=013-iOT
|
|
add address=10.0.13.59 comment=P3-DETEC-FUMACA mac-address=1C:90:FF:B1:69:62 \
|
|
server=013-iOT
|
|
add address=10.0.13.31 client-id=1:f4:ce:23:a4:c1:58 comment=P3-TEMP-BATERIA \
|
|
mac-address=50:8B:B9:2D:C4:C3 server=013-iOT
|
|
add address=10.0.13.30 comment=P4-DETC_FUMACA mac-address=18:DE:50:C4:B7:E7 \
|
|
server=013-iOT
|
|
add address=10.0.13.48 client-id=1:46:ee:40:4f:14:91 comment=SEDE_CELULAR-TI \
|
|
mac-address=46:EE:40:4F:14:91 server=013-iOT
|
|
add address=10.0.13.33 comment=P3-TEMP_RACK mac-address=50:8B:B9:5E:1A:59 \
|
|
server=013-iOT
|
|
add address=10.0.13.62 comment=P2-DETEC_FUMACA mac-address=18:DE:50:C4:BF:D2 \
|
|
server=013-iOT
|
|
add address=10.0.13.174 comment=P2-TEMP_RACK mac-address=A8:80:55:1D:90:0A \
|
|
server=013-iOT
|
|
add address=10.0.13.175 comment=P2-TEMP_PORTA mac-address=A8:80:55:1B:67:1B \
|
|
server=013-iOT
|
|
add address=10.0.13.68 mac-address=FC:3C:D7:DD:B3:5D server=013-iOT
|
|
add address=192.168.0.19 comment="SW estoque" mac-address=00:00:00:00:00:19 \
|
|
server=069_SEDE_FIX
|
|
add address=192.168.0.21 comment="teste IA" mac-address=00:00:00:00:00:21 \
|
|
server=069_SEDE_FIX
|
|
add address=10.0.13.78 comment=P3-AC-LG-22Btu mac-address=34:E6:E6:57:1D:DC \
|
|
server=013-iOT
|
|
add address=10.0.13.69 mac-address=D8:C8:0C:02:B7:3C server=013-iOT
|
|
add address=10.0.13.70 mac-address=D8:C8:0C:02:B4:B5 server=013-iOT
|
|
add address=192.168.0.78 client-id=1:98:e5:5b:1f:d5:c4 mac-address=\
|
|
98:E5:5B:1F:D5:C4 server=069_SEDE_FIX
|
|
add address=192.168.0.53 client-id=1:b8:27:eb:7c:fd:82 mac-address=\
|
|
B8:27:EB:7C:FD:82 server=069_SEDE_FIX
|
|
add address=192.168.0.110 client-id=1:0:21:b7:b3:3c:4 mac-address=\
|
|
00:21:B7:B3:3C:04 server=069_SEDE_FIX
|
|
/ip dhcp-server network
|
|
add address=10.0.13.0/24 dns-server=45.228.246.122,45.228.244.121 domain=\
|
|
fixfibra.br gateway=10.0.13.23
|
|
add address=192.168.0.0/24 comment="DNS - sede 192.168.0.6" dns-server=\
|
|
192.168.0.6 domain=fixfibra.br gateway=192.168.0.2
|
|
add address=192.168.70.0/24 dns-server=192.168.0.6 domain=fixfibra.br \
|
|
gateway=192.168.70.2
|
|
add address=192.168.71.0/24 dns-server=45.228.244.121,45.228.246.122 domain=\
|
|
fixfibra.guest gateway=192.168.71.2
|
|
add address=192.168.72.0/24 dns-server=45.228.244.121,45.228.246.122 domain=\
|
|
fixfibra.guest gateway=192.168.72.2
|
|
/ip dns
|
|
set cache-max-ttl=1d servers=192.168.0.6,2804:47e4:1::120,2804:47e4:8002::124
|
|
/ip firewall address-list
|
|
add address=192.168.0.6 list=Allow_sede
|
|
add address=192.168.0.24 list=Allow_sede
|
|
add address=192.168.0.7 list=Allow_sede
|
|
add address=192.168.70.0/24 list=AL_CELULARES-DROP
|
|
add address=10.0.0.0/8 list=AL_CELULARES-DROP
|
|
add address=192.168.0.0/24 list=AL_CELULARES-DROP
|
|
add address=192.168.70.0/24 list=AL_SEDE-DROP
|
|
add address=10.0.0.0/8 list=AL_SEDE-DROP
|
|
add address=192.168.0.15 list=Allow_sede
|
|
add address=10.0.24.10 list=AL-ACP-FERNANDA-OLT
|
|
add address=10.0.24.12 list=AL-ACP-FERNANDA-OLT
|
|
add address=10.0.24.13 list=AL-ACP-FERNANDA-OLT
|
|
add address=10.0.24.14 list=AL-ACP-FERNANDA-OLT
|
|
add address=10.0.0.0/8 list=AL_SAIDA_RFC_4193
|
|
add address=192.168.0.0/16 list=AL_SAIDA_RFC_4193
|
|
add address=172.16.0.0/12 list=AL_SAIDA_RFC_4193
|
|
add address=10.0.24.0/24 list=AL_GERENCIA_TI-NOC
|
|
add address=10.1.24.0/24 list=AL_GERENCIA_TI-NOC
|
|
add address=192.168.0.47 list=Allow_sede
|
|
add address=192.168.0.46 list=Allow_sede
|
|
add address=192.168.0.45 list=Allow_sede
|
|
add address=192.168.0.20 list=Allow_sede
|
|
add address=192.168.0.16 list=Allow_sede
|
|
add address=192.168.0.11 list=Allow_sede
|
|
add address=192.168.0.12 list=Allow_sede
|
|
add address=192.168.0.13 list=Allow_sede
|
|
add address=192.168.0.202 comment=NOTE-DAVI list=Allow-RASP
|
|
add address=192.168.0.140 comment=NOTE-LEO list=Allow-RASP
|
|
add address=192.168.0.73 comment=NOTE-GILMAR list=Allow-RASP
|
|
add address=192.168.0.95 list=Allow_sede
|
|
add address=192.168.0.17 list=Allow_sede
|
|
add address=10.0.24.11 list=AL-ACP-FERNANDA-OLT
|
|
add address=192.168.0.5 list=Allow_sede
|
|
add address=192.168.0.206 list=Allow_sede
|
|
add address=192.168.100.0/24 list=AL-ALLOW-71-unifi
|
|
add address=192.168.0.250 list=Allow_sede
|
|
add address=192.168.0.22 list=Allow_sede
|
|
add address=192.168.0.35 list=Allow_sede
|
|
add address=192.168.0.34 list=Allow_sede
|
|
add address=192.168.0.21 list=Allow_sede
|
|
add address=192.168.0.30 list=Allow_sede
|
|
add address=192.168.0.32 list=Allow_sede
|
|
add address=192.168.0.31 list=Allow_sede
|
|
add address=192.168.0.19 list=Allow_sede
|
|
add address=192.168.0.18 list=Allow_sede
|
|
add address=192.168.0.36 list=Allow_sede
|
|
add address=192.168.0.14 list=Allow_sede
|
|
add address=192.168.0.37 list=Allow_sede
|
|
add address=192.168.0.40 list=Allow_sede
|
|
add address=10.25.0.0/18 list=AL_GERENCIA_TI-NOC
|
|
add address=192.168.0.8 list=Allow_sede
|
|
add address=192.168.0.9 list=Allow_sede
|
|
add address=192.168.0.85 list=Allow_sede
|
|
add address=10.0.26.0/24 list=AL_GERENCIA_TI-NOC
|
|
add address=192.168.0.50 list=Allow_sede
|
|
add address=192.168.0.108 list=Allow_sede
|
|
add address=192.168.0.27 list=Allow_sede
|
|
add address=192.168.0.54 list=Allow_sede
|
|
add address=191.9.20.40 list=CASA-ANDRE
|
|
add address=172.20.0.0/22 list=AL_GERENCIA_TI-NOC
|
|
add address=172.20.8.0/22 list=AL_GERENCIA_TI-NOC
|
|
add address=192.168.0.41 list=Allow_sede
|
|
add address=192.168.0.25 list=Allow_sede
|
|
add address=192.168.0.39 list=Allow_sede
|
|
add address=192.168.0.53 list=Allow_sede
|
|
add address=192.168.80.0/24 list=Allow_sede
|
|
add address=10.0.13.0/24 list=AL_GERENCIA_TI-NOC
|
|
add address=192.168.0.78 list=Allow_sede
|
|
add address=192.168.0.26 list=Allow_sede
|
|
add address=192.168.0.2 list=Allow_sede
|
|
add address=10.0.70.0/30 list=Allow_sede
|
|
add address=192.168.0.110 list=Allow_sede
|
|
/ip firewall filter
|
|
add action=fasttrack-connection chain=forward connection-state=\
|
|
established,related hw-offload=yes
|
|
add action=accept chain=forward connection-state=established,related
|
|
/ip firewall nat
|
|
add action=dst-nat chain=dstnat comment="## NAT - NextCloud" dst-address=\
|
|
45.228.244.4 dst-port=443 protocol=tcp to-addresses=192.168.0.17 \
|
|
to-ports=443
|
|
add action=dst-nat chain=dstnat comment="## NAT TALK - NextCloud" \
|
|
dst-address=45.228.244.4 dst-port=5349 protocol=tcp to-addresses=\
|
|
192.168.0.17 to-ports=443
|
|
add action=dst-nat chain=dstnat comment="## NAT TALK - NextCloud" \
|
|
dst-address=45.228.244.4 dst-port=5349 protocol=udp to-addresses=\
|
|
192.168.0.17 to-ports=443
|
|
add action=dst-nat chain=dstnat comment="## NAT - NextCloud" dst-address=\
|
|
45.228.244.4 dst-port=80 protocol=tcp to-addresses=192.168.0.17 to-ports=\
|
|
80
|
|
add action=dst-nat chain=dstnat comment="## NAT - GERADOR POP 1" dst-address=\
|
|
45.228.244.4 dst-port=1351 protocol=tcp to-addresses=10.0.13.103 \
|
|
to-ports=1351
|
|
add action=src-nat chain=srcnat comment="## NAT PARA APP MAPEAMENTO DE PORTA" \
|
|
dst-address-list=AL-ACP-FERNANDA-OLT src-address=192.168.0.15 \
|
|
to-addresses=10.0.24.23
|
|
add action=src-nat chain=srcnat comment="## NAT WAN - IOT NAT 246.4" \
|
|
dst-address-list=!AL_SAIDA_RFC_4193 src-address=10.0.13.0/24 \
|
|
to-addresses=45.228.246.4
|
|
add action=src-nat chain=srcnat comment="## NAT WAN - SEDE 69" \
|
|
dst-address-list=!AL_SAIDA_RFC_4193 src-address=192.168.0.0/24 \
|
|
to-addresses=45.228.244.4
|
|
add action=src-nat chain=srcnat comment="## NAT WAN - NOC 70" \
|
|
dst-address-list=!AL_SAIDA_RFC_4193 src-address=192.168.70.0/24 \
|
|
to-addresses=45.228.244.4
|
|
add action=src-nat chain=srcnat comment="## NAT WAN - HOTSPOT 72" \
|
|
dst-address-list=!AL_SAIDA_RFC_4193 src-address=192.168.72.0/24 \
|
|
to-addresses=45.228.244.4
|
|
add action=src-nat chain=srcnat comment="## NAT - vlan 24 X TI-NOC" \
|
|
dst-address-list=AL_GERENCIA_TI-NOC src-address=192.168.70.0/24 \
|
|
to-addresses=10.0.24.23
|
|
add action=src-nat chain=srcnat comment="## NAT - vlan 124 X TI-NOC" \
|
|
dst-address-list=AL_GERENCIA_TI-NOC src-address=192.168.70.0/24 \
|
|
to-addresses=10.1.24.23
|
|
add action=src-nat chain=srcnat comment="## NAT WAN - UPDATE" disabled=yes \
|
|
dst-address-list=!AL_SAIDA_RFC_4193 to-addresses=45.228.244.4
|
|
/ip firewall raw
|
|
add action=accept chain=prerouting comment=\
|
|
"## Regra para portal de mapeamento" dst-address-list=AL-ACP-FERNANDA-OLT \
|
|
src-address=192.168.0.15
|
|
add action=accept chain=prerouting comment="## Regra para Teste GenieACS" \
|
|
dst-address=10.0.24.136 src-address=192.168.0.13
|
|
add action=accept chain=prerouting comment="## Liberacao - UNIFI - OUTROS" \
|
|
dst-address=192.168.0.24 src-address-list=AL-ALLOW-71-unifi
|
|
add action=accept chain=prerouting comment="## Regra de saida da VLAN 70" \
|
|
src-address=192.168.70.0/24
|
|
add action=accept chain=prerouting comment=\
|
|
"## Regra de liberacao da Vlan 70 para host da vlan 69" dst-address=\
|
|
192.168.70.0/24 src-address-list=Allow_sede
|
|
add action=drop chain=prerouting comment=\
|
|
"## Regra de bloqueio da vlan 69 para outras redes" dst-address-list=\
|
|
AL_SEDE-DROP src-address=192.168.0.0/24
|
|
add action=drop chain=prerouting comment=\
|
|
"## Regra de bloqueio da vlan 71 para outras redes" disabled=yes \
|
|
dst-address-list=AL_CELULARES-DROP src-address=192.168.100.0/24
|
|
add action=drop chain=prerouting comment=\
|
|
"## Regra de bloqueio da vlan 72 para outras redes" dst-address=\
|
|
!192.168.0.24 dst-address-list=AL_CELULARES-DROP src-address=\
|
|
192.168.72.0/24
|
|
/ip firewall service-port
|
|
set ftp disabled=yes
|
|
set tftp disabled=yes
|
|
set h323 disabled=yes
|
|
set sip disabled=yes
|
|
set pptp disabled=yes
|
|
/ip ipsec profile
|
|
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
|
|
/ip route
|
|
add check-gateway=ping comment="## Default Route - B2" disabled=no distance=\
|
|
20 dst-address=0.0.0.0/0 gateway=172.31.32.21 pref-src="" routing-table=\
|
|
main scope=30 suppress-hw-offload=no target-scope=10
|
|
add check-gateway=arp comment="## Default Route - B1" disabled=no distance=\
|
|
100 dst-address=0.0.0.0/0 gateway=172.31.31.21 routing-table=main scope=\
|
|
30 suppress-hw-offload=no target-scope=10
|
|
add comment="## GERENCIA 053-RADIOS" disabled=yes distance=1 dst-address=\
|
|
192.168.10.0/24 gateway=10.0.24.33 routing-table=main scope=30 \
|
|
suppress-hw-offload=no target-scope=10
|
|
add comment="Gerencia vlan 25" disabled=no distance=1 dst-address=\
|
|
10.25.0.0/18 gateway=10.0.24.35 routing-table=main scope=30 \
|
|
suppress-hw-offload=no target-scope=10
|
|
add comment="## Gerencia contratos bloqueados B2" disabled=no distance=1 \
|
|
dst-address=172.20.8.0/22 gateway=10.0.24.8 routing-table=main scope=30 \
|
|
suppress-hw-offload=no target-scope=10
|
|
add comment="## Gerencia contratos bloqueados B1" disabled=no distance=1 \
|
|
dst-address=172.20.0.0/22 gateway=10.0.24.9 routing-table=main scope=30 \
|
|
suppress-hw-offload=no target-scope=10
|
|
/ipv6 route
|
|
add check-gateway=ping comment="## Default Route - VS01" disabled=no \
|
|
distance=20 dst-address=::/0 gateway=2804:47e4:0:1::15 routing-table=main \
|
|
scope=30 suppress-hw-offload=no target-scope=10
|
|
add check-gateway=ping comment="## Default Route - VS02" disabled=no \
|
|
distance=100 dst-address=::/0 gateway=2804:47e4:8000:1::15 routing-table=\
|
|
main scope=30 suppress-hw-offload=no target-scope=10
|
|
add blackhole comment=BLACKHOLE disabled=no distance=255 dst-address=\
|
|
2804:47e4:8c0::/48 gateway="" routing-table=main scope=30 \
|
|
suppress-hw-offload=no
|
|
/ip service
|
|
set ftp disabled=yes
|
|
set telnet disabled=yes
|
|
set www disabled=yes
|
|
set winbox address=10.0.0.0/8,45.228.244.0/22,2804:47e4::/32,192.168.0.0/16 \
|
|
port=8292
|
|
set api disabled=yes
|
|
set api-ssl disabled=yes
|
|
set ssh address=2804:47e4:8c0::/48,10.1.24.0/24 port=9022
|
|
/ip upnp
|
|
set show-dummy-rule=no
|
|
/ipv6 address
|
|
add address=2804:47e4:0:1::16/126 advertise=no comment=Enlace-VS01 interface=\
|
|
vlanif_199
|
|
add address=::1 from-pool=v6_pool_LAN interface=vlanif_69
|
|
add address=::1 from-pool=v6_pool_LAN_NOC interface=vlanif_70
|
|
add address=::1 from-pool=v6_pool_013_iot interface=vlanif_13
|
|
add address=2804:47e4:8000:1::16/126 advertise=no comment=Enlace-VS02 \
|
|
interface=vlanif_299
|
|
add address=fe80::4a8f:5aff:fe7a:1c7e advertise=no interface=vlanif_71
|
|
/ipv6 firewall address-list
|
|
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
|
|
add address=::1/128 comment="defconf: lo" list=bad_ipv6
|
|
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
|
|
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
|
|
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
|
|
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
|
|
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
|
|
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
|
|
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
|
|
add address=2804:47e4:8c0::/48 list="Bloco Sede"
|
|
add address=2804:47e4::/32 list=FIX-MeuBloco
|
|
add address=2804:47e4:8c0:4000::13/128 comment="DVR IOT" list=Servicos_sede
|
|
add address=2804:47e4:8c0:3000::17/128 list=Servicos_sede
|
|
add address=fc00::/7 list=RFC-IPv6
|
|
add address=fe80::/64 list=RFC-IPv6
|
|
add address=ff00::/8 list=RFC-IPv6
|
|
add address=2001::/23 list=bad_ipv6
|
|
add address=2804:47e4:8002::124/128 list=Servicos_sede
|
|
add address=2804:47e4:8c0:3000::22/128 comment=OCS-INVETORY list=\
|
|
Servicos_sede
|
|
add address=2804:47e4:8c0:3000::5/128 comment="DVR SEDE" list=Servicos_sede
|
|
add address=2804:47e4:8c0:3000::5/128 comment="DVR SEDE" list=DVR
|
|
add address=2804:47e4:8c0:4000::13/128 comment="DVR IOT" list=DVR
|
|
/ipv6 firewall filter
|
|
add action=accept chain=input comment="Permit - ICPMv6" protocol=icmpv6
|
|
add action=accept chain=input comment="Permit - Link local" dst-address-list=\
|
|
RFC-IPv6 src-address-list=RFC-IPv6
|
|
add action=accept chain=input comment="Permit - Winbox" dst-port=8292 \
|
|
protocol=tcp src-address-list=FIX-MeuBloco
|
|
add action=accept chain=input comment="Permit - input - estab, related" \
|
|
connection-state=established,related
|
|
add action=drop chain=input comment="Drop - input " disabled=yes
|
|
add action=accept chain=forward comment="Permit - ICMPv6" protocol=icmpv6
|
|
add action=accept chain=forward comment="Permit - foward - estab, related" \
|
|
connection-state=established,related
|
|
add action=accept chain=forward comment="Permit - Upload" src-address-list=\
|
|
"Bloco Sede"
|
|
add action=accept chain=forward comment="Permit - Dst Web" dst-address-list=\
|
|
Servicos_sede dst-port=80,443 protocol=tcp
|
|
add action=accept chain=forward comment="Permit - Dst Web" dst-address-list=\
|
|
DVR dst-port=37777 protocol=tcp
|
|
add action=accept chain=forward comment="TURN - TALK NC" dst-address=\
|
|
2804:47e4:8c0:3000::17/128 dst-port=5349 protocol=tcp
|
|
add action=accept chain=forward comment="TURN - TALK NC" dst-address=\
|
|
2804:47e4:8c0:3000::17/128 dst-port=5349 protocol=udp
|
|
add action=drop chain=forward disabled=yes
|
|
/ipv6 firewall raw
|
|
add action=accept chain=prerouting comment="Aceita ICMPv6" disabled=yes \
|
|
protocol=icmpv6
|
|
add action=accept chain=prerouting comment=\
|
|
"Aceita HTTP e HTTPS na interface WAN" disabled=yes dst-address-list=\
|
|
Servicos_sede dst-port=80,443 protocol=tcp
|
|
add action=accept chain=prerouting comment="Permit -RFC" disabled=yes \
|
|
dst-address-list=RFC-IPv6 src-address-list=RFC-IPv6
|
|
add action=accept chain=prerouting comment="Bloco FIX " disabled=yes \
|
|
dst-address-list=FIX-MeuBloco src-address-list=FIX-MeuBloco
|
|
add action=accept chain=prerouting comment=\
|
|
"Aceita com prefixo de origem a sede" disabled=yes src-address-list=\
|
|
"Bloco Sede"
|
|
add action=accept chain=prerouting comment="Aceita local Multicast" disabled=\
|
|
yes dst-address=ff02::/16
|
|
add action=drop chain=prerouting comment="Drop src bogon IP's" disabled=yes \
|
|
src-address-list=bad_ipv6
|
|
add action=drop chain=prerouting comment="Drop dst bogon IP's" disabled=yes \
|
|
dst-address-list=bad_ipv6
|
|
add action=accept chain=prerouting comment="Aceita todo o resto da WAN" \
|
|
disabled=yes in-interface=vlanif_199
|
|
add action=drop chain=prerouting comment="Descarta o resto" disabled=yes \
|
|
log-prefix=debug_
|
|
add action=accept chain=prerouting comment="Aceita DNS na interface WAN" \
|
|
disabled=yes dst-port=53 protocol=udp
|
|
/ipv6 nd
|
|
set [ find default=yes ] managed-address-configuration=yes \
|
|
other-configuration=yes
|
|
add dns=2804:47e4:8c0:3000::6 interface=vlanif_70 \
|
|
managed-address-configuration=yes other-configuration=yes ra-preference=\
|
|
high
|
|
add interface=vlanif_13 managed-address-configuration=yes \
|
|
other-configuration=yes
|
|
add dns=2804:47e4:8c0:3000::6 interface=vlanif_69 \
|
|
managed-address-configuration=yes other-configuration=yes ra-preference=\
|
|
high
|
|
add advertise-dns=no interface=vlanif_199 managed-address-configuration=yes \
|
|
ra-preference=low
|
|
add interface=vlanif_71 managed-address-configuration=yes \
|
|
other-configuration=yes ra-preference=high
|
|
/mpls settings
|
|
set allow-fast-path=no propagate-ttl=no
|
|
/ppp secret
|
|
add name=andrefix profile=L2TP_NOC remote-address=192.168.70.10 service=l2tp
|
|
add name=daniel.sato profile=L2TP_NOC remote-address=192.168.70.11 service=\
|
|
l2tp
|
|
add name=telicfix profile=L2TP_NOC remote-address=192.168.70.12 service=l2tp
|
|
add name=telicfix2 profile=L2TP_NOC remote-address=192.168.70.13 service=l2tp
|
|
add name=diego profile=L2TP service=l2tp
|
|
add disabled=yes name=diego2 profile=L2TP service=l2tp
|
|
add disabled=yes name=guilherme profile=L2TP_NOC remote-address=192.168.70.14 \
|
|
service=l2tp
|
|
add name=otaviofix profile=L2TP_NOC remote-address=192.168.70.12 service=l2tp
|
|
add name=mariana.batista profile=L2TP_NOC remote-address=192.168.70.14 \
|
|
service=l2tp
|
|
add name=ppp1 profile=L2TP_NOC remote-address=192.168.70.15 routes=\
|
|
192.168.70.2 service=l2tp
|
|
/radius
|
|
add address=10.1.24.138 comment="Radius - 10.1.24.138" require-message-auth=\
|
|
no service=login src-address=10.1.24.23 timeout=300ms
|
|
/radius incoming
|
|
set accept=yes
|
|
/snmp
|
|
set contact="FIX FIBRA" enabled=yes location="\"Av. Nossa Sra. dos Navegantes,\
|
|
\_1222 - Eldorado, Diadema - SP, 09972-260\"" src-address=10.0.24.23 \
|
|
trap-version=2
|
|
/system clock
|
|
set time-zone-name=America/Sao_Paulo
|
|
/system identity
|
|
set name=SEDE-4011
|
|
/system note
|
|
set show-at-login=no
|
|
/system ntp client
|
|
set enabled=yes
|
|
/system ntp client servers
|
|
add address=45.228.244.121
|
|
add address=45.228.246.122
|
|
add address=2804:47e4:1::120
|
|
add address=2894:47e4:8002::124
|
|
/system scheduler
|
|
add name="Reboot=UPD" on-event="/system reboot" policy=reboot start-date=\
|
|
2025-03-13 start-time=22:45:00
|
|
/system watchdog
|
|
set watchdog-timer=no
|
|
/tool bandwidth-server
|
|
set enabled=no
|
|
/tool mac-server
|
|
set allowed-interface-list=LAN
|
|
/tool mac-server mac-winbox
|
|
set allowed-interface-list=LAN
|
|
/tool netwatch
|
|
add disabled=no down-script="/log info message=\"Deviando upload para rota de \
|
|
backup\"\r\
|
|
\n/ip route/disable [find comment=\"ROTA-DEFAULT-NAT01\"]\r\
|
|
\n" host=192.33.4.12 http-codes="" interval=1m test-script="" type=icmp \
|
|
up-script="/log info message=\"Deviando upload para rota princiapl\"\r\
|
|
\n/ip route/enable [find comment=\"ROTA-DEFAULT-NAT01\"]\r\
|
|
\n"
|
|
/tool romon
|
|
set enabled=yes
|
|
/user aaa
|
|
set use-radius=yes
|