# routerboard: yes # board-name: PowerBox Pro # model: 960PGS # serial-number: 7D5207A81F99 # firmware-type: qca9550L # factory-firmware: 3.34 # current-firmware: 6.49.18 # upgrade-firmware: 6.49.18 # # channel: long-term # installed-version: 6.49.18 # # Flags: U - undoable, R - redoable, F - floating-undo # ACTION BY POLICY # # software id = F6BF-00EM # # model = 960PGS # serial number = 7D5207A81F99 /interface bridge add disabled=yes name=bridge_TEMP add name=bridge_vlan13 add fast-forward=no name=bridge_vlan35 add name=bridge_vlan131 add name=bridge_vlan501 add name=bridge_vlan502 add igmp-snooping=yes igmp-version=3 multicast-querier=yes name=bridge_vlan1005 /interface ethernet set [ find default-name=ether1 ] comment=To_MKT_GeoTub mac-address=CC:2D:E0:14:9A:C0 set [ find default-name=ether2 ] comment=Sensor mac-address=CC:2D:E0:14:9A:C1 poe-out=off set [ find default-name=ether3 ] comment="Troncal Geo-2-TRR" mac-address=CC:2D:E0:14:9A:C2 poe-out=forced-on set [ find default-name=ether4 ] comment="PtP airFiber5XHD - Troncal Geo-2-3RA" mac-address=CC:2D:E0:14:9A:C3 poe-out=off set [ find default-name=ether5 ] comment=Geo_AMO mac-address=CC:2D:E0:14:9A:C4 poe-out=forced-on set [ find default-name=sfp1 ] disabled=yes mac-address=CC:2D:E0:14:9A:C5 /interface vlan add interface=ether4 name=vlan13 vlan-id=13 add interface=ether3 name=vlan35_IN vlan-id=35 add interface=ether4 name=vlan35_OUT vlan-id=35 add interface=ether1 name=vlan35_TRR-cliente-GeoT vlan-id=35 add comment=TEMP disabled=yes interface=ether4 name=vlan36_TEMP vlan-id=36 add interface=ether4 name=vlan131_TowerIN vlan-id=131 add interface=ether5 name=vlan131_TowerOUT vlan-id=131 add interface=ether4 name=vlan501 vlan-id=501 add interface=ether1 name=vlan501_SB-cliente-GeoT vlan-id=501 add interface=ether4 name=vlan502 vlan-id=502 add comment=NETVIDEO interface=ether3 name=vlan1005 vlan-id=1005 add comment=TEMP interface=ether3 name=vlan_36_TEMP vlan-id=36 add interface=ether3 name=vlan_502 vlan-id=502 add comment=NETVIDEO interface=ether4 name=vlan_1005 vlan-id=1005 /interface list add name=MGMT /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /snmp community add addresses=192.168.200.0/24 authentication-protocol=SHA1 encryption-protocol=AES name=pnet /system logging action add disk-file-count=5 disk-file-name=Error name=ErrorLogs target=disk add disk-file-count=5 disk-file-name=Info name=InfoLogs target=disk add disk-file-count=5 disk-file-name=Critical name=CriticalLogs target=disk add disk-file-count=5 disk-file-name=Interfaces name=InterfacesLogs target=disk add disk-file-count=5 disk-file-name=Warning name=WarningLogs target=disk add name=GrafanaLogs remote=192.168.200.168 target=remote /user group set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp" add name=dude policy="local,reboot,read,write,test,winbox,web,dude,!telnet,!ssh,!ftp,!policy,!password,!sniff,!sensitive,!api,!romon,!tikapp" add name=pnet policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp" add name=oxidized policy="ssh,read,!local,!telnet,!ftp,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp" #error exporting /interface bridge calea /interface bridge port add bridge=bridge_vlan13 interface=vlan13 add bridge=bridge_vlan35 interface=vlan35_IN add bridge=bridge_vlan35 interface=vlan35_TRR-cliente-GeoT add bridge=bridge_vlan35 interface=vlan35_OUT add bridge=bridge_vlan501 interface=vlan501 add bridge=bridge_vlan501 interface=vlan501_SB-cliente-GeoT add bridge=bridge_vlan502 interface=vlan502 add bridge=bridge_vlan502 interface=vlan_502 add bridge=bridge_vlan13 interface=ether5 add bridge=bridge_vlan13 interface=ether2 add bridge=bridge_vlan131 interface=vlan131_TowerIN add bridge=bridge_vlan131 interface=vlan131_TowerOUT add bridge=bridge_TEMP interface=vlan_36_TEMP add bridge=bridge_TEMP interface=vlan36_TEMP add bridge=bridge_vlan1005 interface=vlan1005 add bridge=bridge_vlan1005 interface=vlan_1005 /ip neighbor discovery-settings set discover-interface-list=MGMT /interface list member add interface=ether3 list=MGMT add interface=ether2 list=MGMT add interface=ether4 list=MGMT /ip address add address=10.10.0.76/29 interface=ether3 network=10.10.0.72 add address=192.168.36.1/30 interface=vlan36_TEMP network=192.168.36.0 /ip dns set servers=1.1.1.1,8.8.8.8 #error exporting /ip firewall calea /ip firewall filter add action=accept chain=input comment="Allow Established/Related connections" connection-state=established,related add action=drop chain=input comment="Drop invalid connections" connection-state=invalid add action=accept chain=input comment="Allow UDP" protocol=udp add action=accept chain=input comment="Allow ICMP" protocol=icmp add action=accept chain=input comment=Oxidized dst-port=22 in-interface=ether3 protocol=tcp add action=accept chain=input comment="Allow WinBox" dst-port=8291 protocol=tcp add action=accept chain=input comment="BW test" dst-port=2000 protocol=tcp add action=jump chain=input comment="synflood policy3" disabled=yes jump-target=syn-flood protocol=tcp tcp-flags=syn add action=accept chain=syn-flood disabled=yes limit=100,5:packet add action=drop chain=syn-flood disabled=yes add action=drop chain=input comment="Drop excess pings" disabled=yes protocol=icmp add action=log chain=input comment="Log everything else" disabled=yes log-prefix="DROP INPUT" add action=drop chain=input comment="Drop everything else" /ip firewall nat add action=masquerade chain=srcnat comment="Inet SB" disabled=yes out-interface=vlan501 add action=masquerade chain=srcnat comment="Inet TRR" disabled=yes out-interface=vlan35_IN add action=masquerade chain=srcnat comment="NAT monitoreo sensor de energia" disabled=yes out-interface=ether5 /ip firewall service-port set ftp disabled=yes set tftp disabled=yes set irc disabled=yes set h323 disabled=yes set sip disabled=yes set pptp disabled=yes set udplite disabled=yes set dccp disabled=yes set sctp disabled=yes /ip route add distance=1 gateway=10.10.0.73 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set ssh address=192.168.200.155/32 set api disabled=yes set api-ssl disabled=yes /snmp set contact=pnet@puntonetinternet.com enabled=yes location="Nodo GeoTube" trap-community=pnet trap-version=2 /system clock set time-zone-name=America/Argentina/Mendoza /system identity set name="Geo_Nodo (960PGS)" /system logging set 0 action=InfoLogs set 1 action=ErrorLogs set 2 action=WarningLogs set 3 action=CriticalLogs add action=GrafanaLogs topics=interface add action=GrafanaLogs topics=account add action=GrafanaLogs topics=backup add action=GrafanaLogs topics=firewall /system ntp client set enabled=yes primary-ntp=192.168.200.1 secondary-ntp=10.99.0.1 /system package update set channel=long-term /system routerboard settings set auto-upgrade=yes /system scheduler add disabled=yes name=Upgrade_routerOS on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=may/25/2019 start-time=05:00:00 add name=Reinicio-1 on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jul/09/2025 start-time=05:00:00 add interval=15m name=Monitor_power on-event=voltmonitor policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup add disabled=yes interval=30s name=InterfaceState on-event=InterfaceState policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup add interval=2w1d name=backup_mail on-event=backup_mail policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/05/2023 start-time=04:00:00 add name=Reinicio-2 on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jul/09/2025 start-time=05:10:00 /system script add dont-require-permissions=no name=voltmonitor owner=andres policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global lowvoltalarm 225\r\n:global highvoltalarm 280\r\n:global highvolt\r\n:global lowvolt\r\n:global starttime\r\n:global hivolttime\r\n:global lovolttime\r\n:global vh\r\n:global lastvoltage\r\n:local thisbox [/system identity get name]\r\n:global voltage [/system health get voltage]\r\n:local thistime [/system clock get time]\r\n:local thisdate [/system clock get date]\r\n:local thishour [:pick \$thistime 0 2]\r\n:local emessage (\$thisbox . \"El voltaje es: \" . [:pick \$voltage 0 2]\_. \".\" . [:pick \$voltage 2 3])\r\n:if ([:len \$lowvolt] < 1) do={:set lowvolt 999; :set highvolt 0}\r\n#\r\n:if (\$voltage <= \$lowvoltalarm and \$lastvoltage > \$lowvoltalarm) do={/tool e-mail send to=pozziandres@gmail.com subject=\"\$thisbox Estad\EDsticas de voltaje\" body=\$emessage}\r\n:if (\$voltage >= \$lowvoltalarm and \$lastvoltage < \$lowvoltalarm) do={/tool e-mail send to=pozziandres@gmail.com subject=\"\$thisbox Estad\EDsticas de voltaje\" body=\$emessage}\r\n:if (\$voltage >= \$highvoltalarm) do={/tool e-mail send to=mjbenegas@gmail.com subject=\"\$thisbox Estad\EDsticas de voltaje\" body=\$emessage}\r\n:if (\$voltage > \$highvolt) do={:set highvolt \$voltage; :set hivolttime (\$thistime . \" \" . \$thisdate)}\r\n:if (\$voltage < \$lowvolt) do={:set lowvolt \$voltage; :set lovolttime (\$thistime . \" \" . \$thisdate)}\r\n:if ([:len \$vh] > 0) do={:set vh ([:toarray \$voltage] + \$vh)} else={:set vh [:toarray \$voltage]}\r\n:if ([:len \$starttime] < 1) do={:set starttime (\$thistime . \" \" . \$thisdate)}\r\n:if (\$thishour = \"23\") do={:execute \$voltreport}\r\n:set \$lastvoltage \$voltage" add dont-require-permissions=no name=InterfaceState owner=marcos policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global InterfaceID\r\n:global InterfaceState\r\n\r\n:local findindex\r\n:local prevstate\r\n:local curstate\r\n:local tmpstate\r\n\r\n/interface {\r\n\r\n :foreach i in=[find] do={\r\n :set curstate [:tostr [get \$i running]]\r\n :if ([:len \$curstate] = 0) do={ :set curstate [:tostr false] }\r\n\r\n :set findindex [:find [:toarray \$InterfaceID] [:tostr \$i]]\r\n :if ([:len \$findindex] > 0) do={\r\n# interface found. compare it's current state to previous state\r\n :set prevstate [:tostr [:pick [:toarray \$InterfaceState] \$findindex]]\r\n\r\n :if ( \$prevstate != \$curstate ) do={\r\n# --- start interface state change action ---\r\n\r\n :put ([get \$i name] . \" running state changed: \" . \$prevstate . \" -> \" . \$curstate)\r\n :log info ([get \$i name] . \" running state changed: \" . \$prevstate . \" -> \" . \$curstate)\r\n\r\n# --- end interface state change action ---\r\n\r\n# update interface record with new state\r\n :set tmpstate \"\"\r\n :for x from=0 to=([:len [:toarray \$InterfaceState]] - 1) do={\r\n :set prevstate [:tostr [:pick [:toarray \$InterfaceState]\_\$x]]\r\n :if (\$x = \$findindex) do={\r\n :set tmpstate ([:tostr \$tmpstate] . \$curstate . \",\") } else={\r\n :set tmpstate ([:tostr \$tmpstate] . \$prevstate . \",\") }\r\n }\r\n :set InterfaceState [:tostr \$tmpstate]\r\n\r\n# end if ( \$prevstate != \$curstate )\r\n }\r\n\r\n } else={\r\n\r\n# interface wasn't found, record it's state\r\n :set InterfaceID ([:tostr \$InterfaceID] . [:tostr \$i] . \",\")\r\n :set InterfaceState ([:tostr \$InterfaceState] . [get \$i running] . \",\")\r\n\r\n }\r\n\r\n# end foreach i\r\n }\r\n# /interface\r\n}" add dont-require-permissions=no name=backup_mail owner=marcos policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":log info \"backup beginning now\"\r\n:global backupfile ([/system identity get name] . \"-\" . [/system clock\_get time])\r\n/system backup save name=\$backupfile\r\n:log info \"backup pausing for 10s\"\r\n:delay 10s\r\n:log info \"backup being emailed\"\r\n/tool e-mail send to=puntonetinet@gmail.com subject=([/system identity get name] . \\ \" Backup\") from=\"MKT Geo_Core (750UP r2) \" file=\$backupfile \r\n:log info \"backup finished\"" add dont-require-permissions=no name=voltreport owner=marcos policy=reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global highvolt\r\n:global lowvolt\r\n:global hivolttime\r\n:global lovolttime\r\n:global starttime\r\n:global vh\r\n:local tvolt\r\n:local thisbox [/system identity get name]\r\n:local thisdate [/system clock get date]\r\n:local thishour\r\n:local emessage \"Informe diario de voltaje para \$thisbox en \$thisdate\\n\\n\"\r\n:if ([:len \$vh] > 0) do={\r\n :for x from=0 to=([:len \$vh]-1) step=1 do={\r\n :set tvolt [:tostr [:pick \$vh \$x]]\r\n :set thishour [:tostr (23 - \$x)]\r\n :while ([:len \$thishour] < 2) do={:set thishour (\"0\" . \$thishour)}\r\n :set emessage (\$emessage . \$thishour . \":00 = \" . [:pick \$tvolt 0 2] . \".\" . [:pick \$tvolt 2 3] . \"\\n\")\r\n }\r\n :set emessage (\$emessage . \"\\nSince voltmonitor started on \" . \$starttime . \"\\n\")\r\n :set tvolt [:tostr \$highvolt]\r\n :set emessage (\$emessage . \"Maximo = \" . [:pick \$tvolt 0 2] . \".\" . [:pick \$tvolt 2 3] . \"v at \" . \$hivolttime . \"\\n\")\r\n :set tvolt [:tostr \$lowvolt]\r\n :set emessage (\$emessage . \"Minimo = \" . [:pick \$tvolt 0 2] . \".\" . [:pick \$tvolt 2 3] . \"v at \" . \$lovolttime . \"\\n\")\r\n#\r\n /tool e-mail send to=mjbenegas@gmail.com cc=pozziandres@gmail.com subject=\"\$thisbox Informe de voltaje\" body=\$emessage\r\n :log info \"Reporte enviado\"\r\n}\r\n# remark out the next line for testing to avoid resetting the voltage array\r\n#:set vh" /system watchdog set watch-address=10.10.0.73 /tool e-mail set address=mail.puntonetinternet.com from="MKT Geo_Core (960PGS) " password=***** port=587 user=noc@puntonetinternet.com /tool graphing interface add