Scribd
Upload
2K views4 pages

Script Inicial Mikrotik

This document contains the configuration for a MikroTik router to set up a wireless access point, Ethernet switching, NAT, firewall rules and DHCP services. It applies the configuration on startup and provides commands to revert the changes.

Uploaded by

ic3_2k
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
2K views4 pages

Script Inicial Mikrotik

This document contains the configuration for a MikroTik router to set up a wireless access point, Ethernet switching, NAT, firewall rules and DHCP services. It applies the configuration on startup and provides commands to revert the changes.

Uploaded by

ic3_2k
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 4

:global ssid;

#| Wireless Configuration:
#|
mode:
ap-bridge;
#|
band:
2ghz-b/g/n;
#|
frequency:
2412;
#|
ht-chains:
two;
#|
ht-extension: 20/40mhz-ht-above;
#|
#| WAN (gateway) Configuration:
#|
gateway:
ether1 (renamed with extension '-gateway');
#|
firewall:
enabled;
#|
NAT:
enabled;
#|
DHCP Client:
enabled;
#|
#| LAN Configuration:
#|
LAN Port:
bridge-local;
#|
switch group: ether2 (master), ether3, ether4, ether5
#|
(renamed with extensions '-master-local' and '-slave-local')
#|
LAN IP:
192.168.88.1;
#|
DHCP Server:
enabled;
:global action;
:local dhcpEnabled 0;
:local wirelessEnabled 0;
#check for wireless and dhcp packages
:if ([:len [/system package find name="dhcp" !disabled]] != 0) do={
:set dhcpEnabled 1;
}
:if ([:len [/system package find name="wireless" !disabled]] != 0) do={
:set wirelessEnabled 1;
}
#------------------------------------------------------------------------------# Apply configuration.
# these commands are executed after installation or configuration reset
#------------------------------------------------------------------------------:if ($action = "apply") do={
# wait for interfaces
:while ([/interface ethernet find] = "") do={ :delay 1s; };
:if ( $wirelessEnabled = 1) do={
:local count 0;
:while ([/interface wireless find] = "") do={
:set count ($count +1);
:if ($count = 60) do={
:log warning "DefConf: Unable to find wireless i
nterface";
/ip address add address=192.168.88.1/24 interfac
e=ether1;
/quit
}
:delay 1s;
};
/interface wireless set wlan1 mode=ap-bridge band=2ghz-b/g/n fre
quency=2412 ht-txchains=0,1 ht-rxchains=0,1 \
disabled=no wireless-protocol=any distance=indoors
:local wlanMac [/interface wireless get wlan1 mac-address];
:set ssid "MikroTik-$[:pick $wlanMac 9 11]$[:pick $wlanMac 12 14
]$[:pick $wlanMac 15 17]"

/interface wireless set wlan1 ssid=$ssid


/interface wireless set wlan1 channel-width=20/40mhz-ht-above ;
}
/interface set ether1 name="ether1-gateway";
:if ( $dhcpEnabled = 1) do={
/ip dhcp-client add interface=ether1-gateway disabled=no comment
="default configuration";
}
/interface {
set ether2 name=ether2-master-local;
set ether3 name=ether3-slave-local;
set ether4 name=ether4-slave-local;
set ether5 name=ether5-slave-local;
}
/interface ethernet {
set ether3-slave-local master-port=ether2-master-local;
set ether4-slave-local master-port=ether2-master-local;
set ether5-slave-local master-port=ether2-master-local;
}
/interface bridge
add name=bridge-local disabled=no auto-mac=no protocol-mode=rstp
;
:local bMACIsSet 0;
:foreach k in=[/interface find] do={
:local tmpPortName [/interface get $k name];
:if (!($tmpPortName~"bridge" || $tmpPortName~"ether1"|| $tmpPor
tName~"slave")) do={
:if ($bMACIsSet = 0) do={
:if ([/interface get $k type] = "ether") do={
/interface bridge set "bridge-local" adm
in-mac=[/interface ethernet get $tmpPortName mac-address];
:set bMACIsSet 1;
}
}
/interface bridge port
add bridge=bridge-local interface=$tmpPortName;
}
}
/ip address add address=192.168.88.1/24 interface=bridge-local comment="
default configuration";
:if ($dhcpEnabled = 1) do={
/ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88
.254;
/ip dhcp-server
add name=default address-pool="default-dhcp" interface=b
ridge-local disabled=no;
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 dns-ser
ver=192.168.88.1 comment="default configuration";
}
/ip firewall nat add chain=srcnat out-interface=ether1-gateway action=ma
squerade comment="default configuration"
/ip firewall {
filter add chain=input action=accept protocol=icmp comment="defa
ult configuration"
filter add chain=input action=accept connection-state=establishe
d comment="default configuration"

filter add chain=input action=accept connection-state=related co


mment="default configuration"
filter add chain=input action=drop in-interface=ether1-gateway c
omment="default configuration"
filter add chain=forward action=accept connection-state=establishe
d comment="default configuration"
filter add chain=forward action=accept connection-state=related co
mment="default configuration"
filter add chain=forward action=drop connection-state=invalid comm
ent="default configuration"
}
/tool mac-server disable [find];
/tool mac-server mac-winbox disable [find];
:foreach k in=[/interface find] do={
:local tmpName [/interface get $k name];
:if (!($tmpName~"ether1")) do={
/tool mac-server add interface=$tmpName disabled=no;
/tool mac-server mac-winbox add interface=$tmpName disab
led=no;
}
}
/ip neighbor discovery set [find name="ether1-gateway"] discover=no
/ip dns {
set allow-remote-requests=yes
static add name=router address=192.168.88.1
}
}
#------------------------------------------------------------------------------# Revert configuration.
# these commands are executed if user requests to remove default configuration
#------------------------------------------------------------------------------:if ($action = "revert") do={
# remove wan port protection
/ip firewall {
:local o [nat find comment="default configuration"]
:if ([:len $o] != 0) do={ nat remove $o }
:local o [filter find comment="default configuration"]
:if ([:len $o] != 0) do={ filter remove $o }
}
/tool mac-server remove [find interface!=all]
/tool mac-server set [find] disabled=no
/tool mac-server mac-winbox remove [find interface!=all]
/tool mac-server mac-winbox set [find] disabled=no
# reset wan ports;
/ip neighbor discovery set [find name="ether1-gateway"] discover=yes
/interface set "ether1-gateway" name=ether1;
:if ($dhcpEnabled = 1) do={
:local o [/ip dhcp-server network find comment="default configur
ation"]
:if ([:len $o] != 0) do={ /ip dhcp-server network remove $o }
:local o [/ip dhcp-server find name="default" address-pool="defa
ult-dhcp" interface="bridge-local" !disabled]
:if ([:len $o] != 0) do={ /ip dhcp-server remove $o }
/ip pool {
:local o [find name="default-dhcp" ranges=192.168.88.10192.168.88.254]
:if ([:len $o] != 0) do={ remove $o }
}

:local o [/ip dhcp-client find comment="default configuration"]


:if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
}
/ip dns {
set allow-remote-requests=no
:local o [static find name=router address=192.168.88.1]
:if ([:len $o] != 0) do={ static remove $o }
}
/ip address {
:local o [find comment="default configuration"]
:if ([:len $o] != 0) do={ remove $o }
}
# remove switch
/interface set ether2-master-local name=ether2;
/interface ethernet set ether3-slave-local master-port=none;
/interface set ether3-slave-local name=ether3;
/interface ethernet set ether4-slave-local master-port=none;
/interface set ether4-slave-local name=ether4;
/interface ethernet set ether5-slave-local master-port=none;
/interface set ether5-slave-local name=ether5;
/interface bridge port remove [find bridge="bridge-local"]
/interface bridge remove [find name="bridge-local"]
:if ($wirelessEnabled = 1) do={
/interface set [find name~"wlan1"] name=wlan1
/interface wireless reset-configuration wlan1
}
}

You might also like