# routerboard: yes # model: CCR1036-8G-2S+ # revision: r3 # serial-number: D8390D904C81 # firmware-type: tilegx # factory-firmware: 6.45.9 # current-firmware: 7.18 # upgrade-firmware: 7.18 # # channel: stable # installed-version: 7.18 # # Flags: U - UNDOABLE # Columns: ACTION, BY, POLICY, TIME # ACTION BY POLICY TIME # U ospf-interface-1 changed marcos write 2025-03-01 10:21:58 # U ospf-interface-1 changed marcos write 2025-03-01 10:21:54 # U ospf-interface-7 changed marcos write 2025-03-01 10:21:43 # U ospf-interface-7 changed marcos write 2025-03-01 10:21:29 # U ospf-interface-7 changed marcos write 2025-03-01 10:21:16 # U ospf-interface-7 changed marcos write 2025-03-01 10:21:12 # # 2025-03-03 04:14:06 by RouterOS 7.18 # software id = SYBB-D6EM # # model = CCR1036-8G-2S+ # serial number = D8390D904C81 /interface bridge add igmp-snooping=yes igmp-version=3 multicast-querier=yes name=bridge_publicas add igmp-snooping=yes igmp-version=3 multicast-querier=yes name=bridge_vlan99 port-cost-mode=short /interface ethernet set [ find default-name=ether1 ] comment=LIBRE set [ find default-name=ether2 ] comment=LIBRE set [ find default-name=ether3 ] comment=LIBRE set [ find default-name=ether4 ] comment=LIBRE set [ find default-name=ether5 ] comment=LIBRE set [ find default-name=ether6 ] comment=LIBRE set [ find default-name=ether7 ] comment=LIBRE set [ find default-name=ether8 ] comment="MGMT - UNTAGGED VLAN99" set [ find default-name=sfp-sfpplus1 ] comment="TRUNK_MAIN (BGP_CORE)" set [ find default-name=sfp-sfpplus2 ] comment="TRUNK_MAIN - ( INSIDE )" /interface vlan add interface=sfp-sfpplus2 name=vlan10_R60 vlan-id=10 add interface=sfp-sfpplus2 name=vlan20_FLB vlan-id=20 add interface=sfp-sfpplus2 name=vlan21_BustosM vlan-id=21 add interface=sfp-sfpplus2 name=vlan23_GonzalezRoberto vlan-id=23 add interface=sfp-sfpplus2 name=vlan24_Sapino vlan-id=24 add interface=sfp-sfpplus2 name=vlan26_Pelegrina vlan-id=26 add interface=sfp-sfpplus2 name=vlan27_DistroPack vlan-id=27 add interface=sfp-sfpplus2 name=vlan28_EspinosaS vlan-id=28 add interface=sfp-sfpplus2 name=vlan70_SB vlan-id=70 add interface=sfp-sfpplus2 name=vlan71_AbeiC vlan-id=71 add interface=sfp-sfpplus2 name=vlan72_DosSantosS vlan-id=72 add interface=sfp-sfpplus2 name=vlan80_R50 vlan-id=80 add interface=sfp-sfpplus2 name=vlan81_GiordanoDR vlan-id=81 add interface=sfp-sfpplus2 name=vlan82_ChoqueAL vlan-id=82 add interface=sfp-sfpplus2 name=vlan99_IN vlan-id=99 add interface=sfp-sfpplus1 name=vlan99_OUT vlan-id=99 add interface=sfp-sfpplus2 name=vlan100_FO vlan-id=100 add interface=sfp-sfpplus2 name=vlan101_Navarro vlan-id=101 add interface=sfp-sfpplus2 name=vlan102_LemosDeLaVega vlan-id=102 add interface=sfp-sfpplus2 name=vlan105_BarrosoDG vlan-id=105 add interface=sfp-sfpplus2 name=vlan106_DiCarloB vlan-id=106 add interface=sfp-sfpplus2 name=vlan108_Andariego vlan-id=108 add interface=sfp-sfpplus2 name=vlan109_CiberCafe_SR vlan-id=109 add interface=sfp-sfpplus2 name=vlan130_3RA vlan-id=130 add interface=sfp-sfpplus2 name=vlan131_TowerCross vlan-id=131 add interface=sfp-sfpplus2 name=vlan150_JDN vlan-id=150 add interface=sfp-sfpplus2 name=vlan151_Sapino_JDN vlan-id=151 add interface=sfp-sfpplus2 name=vlan152_PueblaAF vlan-id=152 add interface=sfp-sfpplus2 name=vlan170_VQZ vlan-id=170 add interface=sfp-sfpplus2 name=vlan198 vlan-id=198 add interface=sfp-sfpplus2 name=vlan199 vlan-id=199 add interface=sfp-sfpplus2 name=vlan210_PDG vlan-id=210 add interface=sfp-sfpplus2 name=vlan320_ItalGAS vlan-id=320 add interface=sfp-sfpplus2 name=vlan501_GeoT vlan-id=501 add interface=sfp-sfpplus2 name=vlan542_AgroM vlan-id=542 add interface=sfp-sfpplus2 name=vlan1004_NETVIDEO vlan-id=1004 /interface list add name=lan-adm add name=INTERNET /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /ip pool add name=pool_vpn ranges=192.168.40.2-192.168.40.10 /ip smb users set [ find default=yes ] disabled=yes /port set 0 name=serial0 set 1 name=serial1 /ppp profile set *FFFFFFFE dns-server=1.1.1.1,8.8.8.8 local-address=192.168.40.1 only-one=yes remote-address=pool_vpn use-ipv6=no use-mpls=no /queue simple add max-limit=30720k/30720k name="Navarro Alejandro Fabian 168.197.196.6" priority=6/6 target=168.197.196.6/32 add max-limit=61440k/61440k name="Agro Malargue S.A. - 168.197.196.62" priority=5/5 target=168.197.196.62/32 add max-limit=51200k/307200k name="Alcaino Gonzalo - 168.197.196.45" priority=1/1 target=168.197.196.45/32 add max-limit=5120k/15360k name="Italgas s.a. - 168.197.196.18" priority=7/7 target=168.197.196.18/32 add max-limit=7168k/25600k name="Barroso Diego German - 168.197.196.37" priority=6/6 target=168.197.196.37/32 add max-limit=7168k/25600k name="Dos Santos Sidinei - 168.197.196.90" priority=6/6 target=168.197.196.90/32 add max-limit=7168k/25600k name="Bustos Maria Laura - 168.197.196.50" priority=6/6 target=168.197.196.50/32 add max-limit=7168k/25600k name="Sapino Hogar s.a.s - 168.197.196.66" priority=6/6 target=168.197.196.66/32 add max-limit=40960k/40960k name="Geotub S.A. - 168.197.196.10" priority=1/1 target=168.197.196.10/32 add max-limit=51200k/102400k name="Choque Leon Ariel Leonardo - 168.197.196.94" priority=1/1 target=168.197.196.94/32 add max-limit=7168k/25600k name="Sapino Gaston - 168.197.196.78" priority=6/6 target=168.197.196.78/32 add max-limit=5120k/15360k name="Tower Cross SA - 168.197.196.54" priority=7/7 target=168.197.196.54/32 add max-limit=7168k/25600k name="Andariego SA - 168.197.196.86" priority=6/6 target=168.197.196.86/32 add max-limit=7168k/25600k name="Gonzalez Roberto - 168.197.196.70" priority=6/6 target=168.197.196.70/32 add max-limit=5120k/15360k name="Puebla Amanda Florencia - 168.197.196.110" priority=7/7 target=168.197.196.110/32 /queue type set 0 pfifo-limit=100 set 9 pfifo-limit=100 /queue simple add comment="NOC Oficina" max-limit=100M/100M name=INET_NOC_199 priority=2/2 queue=default/default target=168.197.199.2/32 total-queue=default add limit-at=20M/20M max-limit=20M/20M name="Camara IP" priority=7/7 target=168.197.196.22/32 total-queue=ethernet-default add comment="NOC Oficina" max-limit=100M/100M name=INET_NOC_198 priority=2/2 queue=default/default target=168.197.198.10/32 total-queue=default /routing bgp template set default disabled=no output.network=bgp-networks /routing ospf instance add disabled=no name=backbone_v2 router-id=10.255.255.3 add disabled=no name=backbone_v3 originate-default=if-installed router-id=10.255.255.3 version=3 /routing ospf area add disabled=no instance=backbone_v2 name=ospf-backbone_v2 add disabled=no instance=backbone_v3 name=ospf-backbone_v3 /snmp community add addresses=192.168.200.253/32,192.168.200.155/32 authentication-protocol=SHA1 encryption-protocol=AES name=pnet /system logging action set 3 remote=192.168.200.168 add disk-file-count=5 disk-file-name=Critical name=CriticalLogs target=disk add disk-file-count=5 disk-file-name=Error name=ErrorLogs target=disk add disk-file-count=5 disk-file-name=Info name=InfoLogs target=disk add disk-file-count=5 disk-file-name=Interfaces name=InterfacesLogs target=disk add disk-file-count=5 disk-file-name=Warning name=WarningLogs target=disk add name=DudeLogs remote=192.168.200.253 remote-log-format=syslog syslog-facility=local6 target=remote add name=GrafanaLogs remote=192.168.200.168 remote-log-format=syslog src-address=10.99.0.100 target=remote add name=GrafanaLogsInfo remote=192.168.200.168 remote-log-format=syslog src-address=10.99.0.100 syslog-facility=local1 syslog-severity=info target=remote add name=GrafanaLogsAlert remote=192.168.200.168 remote-log-format=syslog src-address=10.99.0.100 syslog-severity=alert target=remote add disk-file-count=5 disk-file-name=OSPF name=OSPFLogs target=disk add disk-file-count=5 disk-file-name=DHCP name=DHCPLogs target=disk /user group add name=dude policy="local,reboot,read,write,test,winbox,web,rest-api,!telnet,!ssh,!ftp,!policy,!password,!sniff,!sensitive,!api,!romon" add name=pnet policy="local,telnet,ssh,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,rest-api,!ftp" add name=oxidized policy="ssh,read,!local,!telnet,!ftp,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!rest-api" /interface bridge port add bridge=bridge_vlan99 ingress-filtering=no interface=vlan99_IN internal-path-cost=10 path-cost=10 add bridge=bridge_vlan99 ingress-filtering=no interface=vlan99_OUT internal-path-cost=10 path-cost=10 /interface l2tp-server server set authentication=mschap1,mschap2 enabled=yes one-session-per-host=yes use-ipsec=yes /interface list member add interface=ether8 list=lan-adm add interface=bridge_vlan99 list=lan-adm add interface=vlan210_PDG list=lan-adm add interface=vlan501_GeoT list=lan-adm add interface=sfp-sfpplus1 list=lan-adm /interface ovpn-server server add auth=sha1,md5 mac-address=FE:B1:68:59:51:5B name=ovpn-server1 /ip address add address=10.0.0.2/30 comment="Red SB_Core-2-SB_BGP" interface=sfp-sfpplus1 network=10.0.0.0 add address=10.99.0.100/24 comment=MGMT interface=bridge_vlan99 network=10.99.0.0 add address=10.10.0.81/28 comment="Troncal PEDREGAL" interface=vlan210_PDG network=10.10.0.80 add address=168.197.196.17/30 comment=ItalGAS interface=vlan320_ItalGAS network=168.197.196.16 add address=168.197.196.20/22 comment="Pool Publicas" interface=bridge_publicas network=168.197.196.0 add address=168.197.196.33/30 comment="Di Carlo Belen - VPN PPTP" interface=vlan106_DiCarloB network=168.197.196.32 add address=168.197.196.38/30 comment="Barroso Diego German" interface=vlan105_BarrosoDG network=168.197.196.36 add address=168.197.196.46/30 comment=CiberCafe interface=vlan109_CiberCafe_SR network=168.197.196.44 add address=168.197.198.9/30 comment="RB4011 - NOC - VLAN198" interface=vlan198 network=168.197.198.8 add address=168.197.199.1/29 comment="RB4011 - NOC - VLAN199" interface=vlan199 network=168.197.199.0 add address=168.197.196.57/30 comment="Abei Consultora" interface=vlan71_AbeiC network=168.197.196.56 add address=168.197.196.49/30 comment="Bustos Maria Laura" interface=vlan21_BustosM network=168.197.196.48 add address=168.197.196.9/30 comment=GeoTUBE interface=vlan501_GeoT network=168.197.196.8 add address=168.197.196.5/30 comment="Transporte Aconcagua" interface=vlan101_Navarro network=168.197.196.4 add address=168.197.196.61/30 comment=AgroM interface=vlan542_AgroM network=168.197.196.60 add address=168.197.196.137/28 comment="Troncal SB" interface=vlan70_SB network=168.197.196.128 add address=168.197.197.129/29 comment="Troncal R50-MLK" interface=vlan80_R50 network=168.197.197.128 add address=168.197.199.214/29 comment="Troncal FO" interface=vlan100_FO network=168.197.199.208 add address=168.197.196.69/30 comment=Acapulco interface=vlan23_GonzalezRoberto network=168.197.196.68 add address=168.197.196.53/30 comment="Tower Cross" interface=vlan131_TowerCross network=168.197.196.52 add address=168.197.196.65/30 comment=Sapino interface=vlan24_Sapino network=168.197.196.64 add address=168.197.196.73/30 comment=LemosDeLaVega interface=vlan102_LemosDeLaVega network=168.197.196.72 add address=168.197.197.161/28 comment="Troncal JDN-SR-BRS" interface=vlan150_JDN network=168.197.197.160 add address=168.197.198.193/28 comment="Troncal FLB-RDM" interface=vlan20_FLB network=168.197.198.192 add address=168.197.196.77/30 comment="Sapino Galpon Acceso Este" interface=vlan151_Sapino_JDN network=168.197.196.76 add address=168.197.199.201/29 comment="Troncal VQZ" interface=vlan170_VQZ network=168.197.199.200 add address=168.197.196.81/30 comment="Pelegrina Oscar Adrian" interface=vlan26_Pelegrina network=168.197.196.80 add address=168.197.196.201/29 comment="Troncal R60" interface=vlan10_R60 network=168.197.196.200 add address=168.197.196.85/30 comment="Andariego S.A." interface=vlan108_Andariego network=168.197.196.84 add address=168.197.196.41/30 comment=DISTROPACK interface=vlan27_DistroPack network=168.197.196.40 add address=168.197.198.185/29 comment="Troncal 3RA" interface=vlan130_3RA network=168.197.198.184 add address=168.197.196.97/29 comment=NETVIDEO+IPTV interface=vlan1004_NETVIDEO network=168.197.196.96 add address=10.255.255.3 comment=loopback interface=lo network=10.255.255.3 add address=168.197.196.13/30 comment="Giordano Diego" interface=vlan81_GiordanoDR network=168.197.196.12 add address=168.197.196.89/30 comment="Dos Santos Sidinei" interface=vlan72_DosSantosS network=168.197.196.88 add address=168.197.196.93/30 comment="Choque Ariel Leonardo" interface=vlan82_ChoqueAL network=168.197.196.92 add address=168.197.196.105/30 comment="Espinosa Silvana Daina - RDM" interface=vlan28_EspinosaS network=168.197.196.104 add address=168.197.196.109/30 comment="Puebla Amanda Florencia - SR" interface=vlan152_PueblaAF network=168.197.196.108 /ip dns set servers=8.8.8.8,2001:4860:4860::8888,1.1.1.1,2606:4700:4700::1111 /ip firewall address-list add address=200.160.7.193 list=servers_permitidos add address=146.164.48.5 list=servers_permitidos add address=200.58.111.49 list=servers_permitidos add address=10.10.0.3 comment=AP_SB-2-R60 list=routers_nodos add address=10.10.0.4 comment=ST_R60-2-SB list=routers_nodos add address=168.96.251.227 list=servers_permitidos add address=172.22.0.0/20 list=redes_pnet add address=168.197.196.0/22 list=redes_pnet add address=fast.com list=Fast add address=10.30.0.1 comment="MKT_NOC (DMZ)" disabled=yes list=routers_nodos add address=168.197.197.2 list=nat_publicas add address=168.197.197.4 list=nat_publicas add address=168.197.197.8 list=nat_publicas add address=168.197.197.9 list=nat_publicas add address=168.197.197.101 list=nat_publicas add address=168.197.198.4 list=nat_publicas add address=168.197.198.11 list=nat_publicas add address=168.197.198.13 list=nat_publicas add address=168.197.198.14 list=nat_publicas add address=168.197.198.18 list=nat_publicas add address=168.197.199.0/24 list=pool_199 add address=168.197.199.11 list=nat_publicas add address=172.22.4.0/24 list=redes_sr add address=10.10.0.16/29 list=redes_sr add address=172.22.11.0/24 list=redes_fo add address=10.10.0.56/29 list=redes_fo add address=172.22.15.0/24 list=redes_jdn add address=10.10.0.48/29 list=redes_jdn add address=172.22.13.0/24 list=redes_3ra add address=10.10.0.112/29 list=redes_3ra add address=172.22.12.0/24 list=redes_pedregal add address=10.10.0.80/28 list=redes_pedregal add address=172.22.5.0/24 list=redes_brs add address=10.10.0.120/29 list=redes_brs add address=www.speedtest.net list=Speed add address=172.22.1.0/24 list=redes_mec-cmp add address=10.10.0.128/29 list=redes_mec-cmp add address=172.22.10.0/24 list=redes_rdm add address=10.10.0.136/29 list=redes_rdm add address=172.31.0.2-172.31.0.10 comment=IPTV list=routers_nodos add list=spammer add list=blocked-addr add address=10.1.0.0/26 list=salida_tv add address=192.168.40.0/24 list=salida_tv add address=168.197.196.128/28 comment=Nodo_SB-1-PUBLICA list=fasttrack-nodos add address=168.197.197.96/28 comment=Nodo_FLB list=fasttrack-nodos add address=168.197.197.128/29 comment=Nodo_R50-PUBLICA list=fasttrack-nodos add address=168.197.199.208/29 comment=Nodo_FO-PUBLICA list=fasttrack-nodos add address=168.197.197.160/28 comment=Nodo_JDN-PUBLICA list=fasttrack-nodos add address=10.0.0.1 comment=BGP_Core list=routers_nodos add address=168.197.196.200/29 comment=Nodo_R60-PUBLICA list=fasttrack-nodos add address=168.197.199.200/29 comment=Nodo_VQZ-PUBLICA list=fasttrack-nodos add address=172.22.1.0/24 disabled=yes list=redes-locales add address=172.22.12.0/24 list=redes-locales add address=172.22.13.0/24 list=redes-locales add address=172.22.14.0/24 list=redes-locales add address=192.168.200.0/24 list=redes-locales add address=168.197.198.184/29 comment=Nodo_3RA-PUBLICA list=fasttrack-nodos add address=168.197.196.96/29 comment=NETVIDEO+IPTV list=fasttrack-nodos add list=ddos-attackers add list=ddos-targets /ip firewall filter add action=fasttrack-connection chain=forward comment="default configuration" connection-state=established,related hw-offload=yes src-address-list=fasttrack-nodos add action=accept chain=input comment="Echo request - Evitar Ping Flood" disabled=yes icmp-options=8:0 limit=1,5:packet protocol=icmp add action=accept chain=input comment="Echo reply" disabled=yes icmp-options=0:0 protocol=icmp add action=drop chain=input comment="Drop ICMP" disabled=yes protocol=icmp add action=drop chain=input comment="Drop escaneadores de puertos" src-address-list="port scanners" add action=add-src-to-address-list address-list="port scanners" address-list-timeout=4w2d chain=input comment="------Escaneadores de puertos" protocol=tcp psd=10,3s,3,1 add action=add-src-to-address-list address-list="port scanners" address-list-timeout=4w2d chain=input comment="------NMAP FIN Stealth scan" protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg add action=add-src-to-address-list address-list="port scanners" address-list-timeout=4w2d chain=input comment="------SYN/FIN scan" protocol=tcp tcp-flags=fin,syn add action=add-src-to-address-list address-list="port scanners" address-list-timeout=4w2d chain=input comment="------SYN/RST scan" protocol=tcp tcp-flags=syn,rst add action=add-src-to-address-list address-list="port scanners" address-list-timeout=4w2d chain=input comment="------FIN/PSH/URG scan" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack add action=add-src-to-address-list address-list="port scanners" address-list-timeout=4w2d chain=input comment="------ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg add action=add-src-to-address-list address-list="port scanners" address-list-timeout=4w2d chain=input comment="------NMAP NULL scan" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg add action=return chain=detect-ddos comment="Protection against DDoS" dst-limit=32,32,src-and-dst-addresses/10s add action=add-dst-to-address-list address-list=ddos-targets address-list-timeout=10m chain=detect-ddos add action=add-src-to-address-list address-list=ddos-attackers address-list-timeout=10m chain=detect-ddos add action=accept chain=input comment="Allow Established/Related/Untracked connections" connection-state=established,related,untracked add action=drop chain=input comment="Drop invalid connections" connection-state=invalid add action=accept chain=input comment="Allow ICMP" protocol=icmp add action=accept chain=input comment="Allow OSPF" in-interface=bridge_vlan99 protocol=ospf add action=accept chain=input in-interface=lo protocol=ospf add action=accept chain=input comment="Allow L2TP" disabled=yes dst-port=1701,500,4500 protocol=udp add action=accept chain=input disabled=yes protocol=ipsec-esp add action=accept chain=input comment="Allow UDP" dst-port=53,67,123,161 protocol=udp add action=accept chain=input comment=Oxidixed dst-port=22 in-interface=bridge_vlan99 protocol=tcp add action=accept chain=input comment="Allow TCP" dst-port=8091,8240,8291 protocol=tcp add action=accept chain=input comment="Bandwidth Test" dst-port=2000 protocol=tcp add action=accept chain=input comment=API dst-port=8728 protocol=tcp add action=log chain=input comment="Log everything else" disabled=yes log-prefix="DROP INPUT" add action=drop chain=input comment="Drop everything else" add action=drop chain=forward comment="Block Rule" dst-address=!192.168.200.0/24 dst-port=!9081,3380,3322,6680 protocol=tcp src-address-list=Clientes-Cortados add action=drop chain=forward dst-address=!192.168.200.0/24 protocol=udp src-address-list=Clientes-Cortados /ip firewall nat add action=dst-nat chain=dstnat comment="DNAT Server Netvideo - MASTER" dst-address=10.100.1.2 to-addresses=10.1.0.27 add action=src-nat chain=srcnat comment="Salida INET_Equipos Nodos (168.197.197.1)" out-interface=sfp-sfpplus1 src-address-list=routers_nodos to-addresses=168.197.197.1 add action=src-nat chain=srcnat comment="Salida INET_Core-CCR1036" out-interface=sfp-sfpplus1 src-address=10.0.0.2 to-addresses=168.197.196.20 /ip firewall raw add action=notrack chain=prerouting comment="Conntrack - fixed GRE protocol packet connection-state matching" protocol=gre add action=drop chain=prerouting comment="Protection against DDoS" dst-address-list=ddos-targets src-address-list=ddos-attackers add action=notrack chain=prerouting comment="No track - OSPF" protocol=ospf add action=notrack chain=output protocol=ospf /ip firewall service-port set ftp disabled=yes set tftp disabled=yes set h323 disabled=yes set sip disabled=yes set pptp disabled=yes set udplite disabled=yes set dccp disabled=yes set sctp disabled=yes /ip ipsec profile set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 /ip route add comment="Default GW" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=10.0.0.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add comment="Sensor en GeoTube (TP-Link)" disabled=yes distance=1 dst-address=192.168.30.0/29 gateway=10.10.0.102 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add comment=TEMP disabled=yes dst-address=192.168.100.0/24 gateway=10.10.0.102 add comment=RED_NOC disabled=yes distance=1 dst-address=192.168.200.0/24 gateway=10.99.0.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add comment=RED_VPN-L2TP disabled=no distance=1 dst-address=10.100.0.0/24 gateway=10.99.0.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add comment=RED_VPN-WireGuard disabled=yes distance=1 dst-address=10.100.2.0/24 gateway=10.99.0.1 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add comment=RED_TRR disabled=no distance=1 dst-address=192.168.60.0/24 gateway=10.99.0.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add comment=TRONCAL_TRR disabled=yes distance=1 dst-address=10.10.0.96/29 gateway=10.30.0.1 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add comment=RED_VPN-WireGuard-bck1 disabled=yes distance=1 dst-address=10.100.3.0/24 gateway=10.99.0.5 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 /ipv6 route add comment=DEFAULT_GW disabled=no distance=10 dst-address=::/0 gateway=fd00:0:0:4::1111 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add comment=AIRE_3RA disabled=no distance=1 dst-address=2803:d8c0:4004::/48 gateway=2803:d8c0:c000:4:ce2d:e0ff:fe54:e2e8 routing-table=main suppress-hw-offload=no add comment=AIRE_JDN disabled=no distance=1 dst-address=2803:d8c0:4005::/48 gateway=2803:d8c0:c000:5:6e3b:6bff:feef:1580 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add comment=AIRE_SB disabled=no distance=1 dst-address=2803:d8c0:4000::/48 gateway=2803:d8c0:c000:0:c6ad:34ff:fe81:ac44 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add comment=FTTH_SB disabled=no distance=1 dst-address=2803:d8c0::/48 gateway=2803:d8c0:c000:0:c6ad:34ff:fe81:ac44 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add comment=AIRE_FLB disabled=no distance=1 dst-address=2803:d8c0:4002::/48 gateway=2803:d8c0:c000:2:de2c:6eff:fe52:828 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 add comment=FTTH_FLB disabled=no distance=1 dst-address=2803:d8c0:2::/48 gateway=2803:d8c0:c000:2:de2c:6eff:fe52:828 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes port=8091 set ssh address=192.168.200.155/32 set api address=168.197.196.100/32 set winbox port=8240 set api-ssl disabled=yes /ip smb shares set [ find default=yes ] directory=/pub /ipv6 address add address=2803:d8c0:c000:0:a55:31ff:fe2b:4f45 advertise=no eui-64=yes interface=vlan70_SB add address=fc00::2222 advertise=no interface=lo add address=2803:d8c0:c000:1:a55:31ff:fe2b:4f45 advertise=no eui-64=yes interface=vlan80_R50 add address=2803:d8c0:c000:2:a55:31ff:fe2b:4f45 advertise=no eui-64=yes interface=vlan20_FLB add address=2803:d8c0:c000:3:a55:31ff:fe2b:4f45 advertise=no eui-64=yes interface=vlan100_FO add address=fd00:0:0:4::2222 advertise=no comment=OUTSIDE interface=sfp-sfpplus1 add address=2803:d8c0:c000:10:a55:31ff:fe2b:4f45 advertise=no eui-64=yes interface=vlan198 add address=2803:d8c0:c000:4:a55:31ff:fe2b:4f45 advertise=no eui-64=yes interface=vlan130_3RA add address=2803:d8c0:c000:5:a55:31ff:fe2b:4f45 advertise=no eui-64=yes interface=vlan150_JDN /ipv6 firewall filter add action=accept chain=input comment="Allow: accept established,related,untracked" connection-state=established,related,untracked add action=drop chain=input comment="Deny: drop invalid" connection-state=invalid add action=accept chain=input comment="Allow: accept ICMPv6" protocol=icmpv6 add action=accept chain=input comment="Allow: accept UDP" protocol=udp add action=accept chain=input comment="Allow: accept UDP traceroute" disabled=yes port=33434-33534 protocol=udp add action=accept chain=input comment="Allow: accept DHCPv6-Client prefix delegation." disabled=yes dst-port=546 protocol=udp src-address=fe80::/10 add action=accept chain=input comment="Allow: accept OSPF" protocol=ospf add action=accept chain=input comment="Allow: accept IGMP" protocol=igmp add action=drop chain=input comment="Deny: drop all" /lcd set backlight-timeout=never color-scheme=dark default-screen=stat-slideshow read-only-mode=yes touch-screen=disabled /lcd interface set sfp-sfpplus1 disabled=yes set ether1 disabled=yes set ether2 disabled=yes set ether3 disabled=yes set ether4 disabled=yes set ether5 disabled=yes set ether6 disabled=yes set ether7 disabled=yes set ether8 disabled=yes /ppp secret add name=ppp_marcos profile=default-encryption /routing bfd configuration add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5 /routing ospf interface-template add area=ospf-backbone_v2 disabled=no networks=10.99.0.0/24 add area=ospf-backbone_v3 disabled=yes interfaces=vlan70_SB type=ptp add area=ospf-backbone_v3 disabled=yes interfaces=vlan20_FLB type=ptp add area=ospf-backbone_v3 disabled=no interfaces=vlan80_R50 type=ptp add area=ospf-backbone_v3 disabled=no interfaces=vlan100_FO type=ptp add area=ospf-backbone_v3 disabled=no interfaces=vlan198 type=ptp add area=ospf-backbone_v2 disabled=no interfaces=lo /snmp set contact=noc@puntonetinternet.com enabled=yes location="Nodo SB" trap-community=pnet trap-generators=interfaces trap-interfaces=bridge_vlan99 trap-version=2 /system clock set time-zone-autodetect=no time-zone-name=America/Argentina/Mendoza /system identity set name="SB_Nodo-2 (CCR1036-8G-2S+)" /system logging set 1 action=ErrorLogs set 2 action=WarningLogs set 3 action=CriticalLogs add action=InterfacesLogs topics=interface add action=GrafanaLogs topics=system,info,account add action=GrafanaLogsAlert topics=system,error add action=GrafanaLogsInfo topics=system,info add action=DudeLogs topics=info add action=OSPFLogs topics=route,ospf add action=DHCPLogs topics=dhcp,info /system note set show-at-login=no /system ntp client set enabled=yes /system ntp client servers add address=146.164.48.5 add address=216.239.35.12 /system routerboard settings set auto-upgrade=yes /system scheduler add interval=2w1d name="Envio de Backups por Correo" on-event=backup_mail policy=reboot,read,write,test,sniff,sensitive,romon start-date=2023-04-06 start-time=04:00:00 add name=Reinicio-1 on-event="/system reboot" policy=reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2025-02-28 start-time=05:00:00 add name=Reinicio-2 on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2025-02-28 start-time=05:10:00 /system script add dont-require-permissions=no name=backup_mail owner=marcos policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":log info \"backup beginning now\"\r\n:global backupfile ([/system identity get name] . \"-\" . [/system clock\_get time])\r\n/system backup save name=\$backupfile\r\n:log info \"backup pausing for 10s\"\r\n:delay 10s\r\n:log info \"backup being emailed\"\r\n/tool e-mail send to=puntonetinet@gmail.com subject=([/system identity get name] . \\ \" Backup\") from=\"MKT SB_Core (CCR1036-8G-2S+) \" file=\$backupfile \r\n:log info \"backup finished\"" /tool e-mail set from="SB_Core (CCR1036-8G-2S+) " port=465 server=mail.puntonetinternet.com tls=yes user=noc@puntonetinternet.com /tool netwatch add comment=SILICA-MASTER-PEER disabled=yes down-script=":log info \"Ping caido a Silica-Master\";\r\n/tool e-mail send to=pozziandres@gmail.com cc=emi.puntonet@gmail.com from=\"MKT SB_Nodo-2 (CCR1036-8G-2S+) \" subject=\"Ping caido a SILICA-MASTER-PEER\" body=\"SILICA-MASTER CAIDO\"" host=10.32.64.185 http-codes="" test-script="" timeout=10s type=simple up-script=":log info \"Ping restablecido a Silica-Master\";\r\n/tool e-mail send to=pozziandres@gmail.com cc=emi.puntonet@gmail.com from=\"MKT SB_Nodo-2 (CCR1036-8G-2S+) \" subject=\"Ping restablecido a SILICA-MASTER-PEER\" body=\"SILICA-MASTER OK\"" add comment=SILICA-BACKUP-PEER disabled=yes down-script=":log info \"Ping caido a Silica-Slave\";\r\n/tool e-mail send to=pozziandres@gmail.com cc=emi.puntonet@gmail.com from=\"MKT SB_Nodo-2 (CCR1036-8G-2S+) \" subject=\"Ping caido a SILICA-BACKUP-PEER\" body=\"SILICA-BACKUP CAIDO\"" host=10.32.48.209 http-codes="" test-script="" timeout=10s type=simple up-script=":log info \"Ping restablecido a Silica-Slave\";\r\n/tool e-mail send to=pozziandres@gmail.com cc=emi.puntonet@gmail.com from=\"MKT SB_Nodo-2 (CCR1036-8G-2S+) \" subject=\"Ping restablecido a SILICA-BACKUP-PEER\" body=\"SILICA-BACKUP OK\"" add comment=PEERING-WESTNET disabled=yes down-script=":log info \"Ping caido a\_Peering-Westnet\";\r\n/tool e-mail send to=pozziandres@gmail.com cc=mjbenegas@gmail.com from=\"MKT SB_Nodo-2 (CCR1036-8G-2S+) \" subject=\"Ping caido a PEERING-WESTNET\" body=\"WESTNET CAIDO\"" host=172.28.251.37 http-codes="" test-script="" timeout=10s type=simple up-script=":log info \"Ping restablecido a Peering-Westnet\";\r\n/tool e-mail send to=pozziandres@gmail.com cc=mjbenegas@gmail.com from=\"MKT SB_Nodo-2 (CCR1036-8G-2S+) \" subject=\"Ping restablecido a PEERING-WESTNET\" body=\"WESTNET OK\"" add comment=MONITOREO-WESTNET disabled=yes down-script=":log info \"Ping caido a Monitoreo-Westnet\";" host=172.28.252.33 http-codes="" test-script="" timeout=10s type=simple up-script=":log info \"Ping restablecido a Monitoreo-Westnet\";" add comment=PEERING-MEGAS disabled=yes down-script=":log info \"Ping caido a Peering-Westnet\";\r\n/tool e-mail send to=pozziandres@gmail.com cc=mjbenegas@gmail.com from=\"MKT SB_Nodo-2 (CCR1036-8G-2S+) \" subject=\"Ping caido a PEERING-MEGAS\" body=\"MEGAS MAYORISTAS CAIDO\"" host=172.16.40.1 http-codes="" test-script="" timeout=10s type=simple up-script=":log info \"Ping restablecido a Peering-Westnet\";\r\n/tool e-mail send to=pozziandres@gmail.com cc=mjbenegas@gmail.com from=\"MKTSB_Nodo-2 (CCR1036-8G-2S+) \" subject=\"Ping restablecido a PEERING-MEGAS\" body=\"MEGAS MAYORISTAS OK\""