# RouterOS configuration export for the router identified below as SB_PPPoE:
# a PPPoE concentrator serving vlan1070 and vlan2861 on trunk sfp-sfpplus1,
# managed over bridge_vlan99 (ether1 untagged + vlan99), speaking OSPFv2 on the
# management bridge. The export is laid out one command per line.
#
# routerboard: yes
# model: CCR1009-7G-1C-1S+
# serial-number: D56C0C6825CC
# firmware-type: tilegx
# factory-firmware: 6.44.6
# current-firmware: 7.19.4
# upgrade-firmware: 7.19.6
#
# channel: stable
# installed-version: 7.19.6
#
#
# 2025-10-01 06:16:06 by RouterOS 7.19.6
# software id = VAJQ-6NSL
#
# model = CCR1009-7G-1C-1S+
# serial number = D56C0C6825CC
#
# NOTE(review): current-firmware (7.19.4) is behind upgrade-firmware and the
# installed package (7.19.6), so the RouterBOOT upgrade looks pending.
# NOTE(review): this export carries the serial number, software id, subscriber
# names and internal addressing; treat copies of it as sensitive.

/interface bridge
add fast-forward=no igmp-snooping=yes igmp-version=3 mld-version=2 multicast-querier=yes name=bridge_vlan99

/interface ethernet
set [ find default-name=ether1 ] comment="MGMT - UNTAGGED VLAN99"
set [ find default-name=sfp-sfpplus1 ] comment=TRUNK_MAIN

# All three VLANs ride the same trunk port; vlan99 is bridged to ether1 further down.
/interface vlan
add interface=sfp-sfpplus1 name=vlan99 vlan-id=99
add comment=PUBICAS+IPV6 interface=sfp-sfpplus1 name=vlan1070 vlan-id=1070
add comment=WESTNET_FTTH interface=sfp-sfpplus1 name=vlan2861 vlan-id=2861

# NOTE(review): the MGMT list is created and populated (bridge_vlan99) but no
# firewall rule in this export references it.
/interface list
add name=MGMT

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

# Subscriber address pools: one public range, one private range that is
# source-NATed further down.
/ip pool
add name=pppoe-pool-sb ranges=168.197.196.227-168.197.196.253
add name=pppoe-pool-ftth ranges=172.16.8.5-172.16.8.254,172.16.9.1-172.16.9.254

# /60 prefixes are delegated out of this /48 via the pppoe-sb profile.
/ipv6 pool
add name=pppoe-pool-sb-ipv6 prefix=2803:d8c0:8000::/48 prefix-length=60

/port
set 0 name=serial0
set 1 name=serial1

# PPP profiles. Only pppoe-sb, PLATINUM, DIAMOND and pppoe-ftth set local/remote
# addresses; the rest carry a rate-limit only.
/ppp profile
add dhcpv6-pd-pool=pppoe-pool-sb-ipv6 dns-server=1.1.1.2,1.0.0.2 local-address=168.197.196.226 name=pppoe-sb only-one=yes queue-type=default-small/default-small remote-address=pppoe-pool-sb use-mpls=no
add name=T-PLATIN rate-limit="7168k/25600k 0 0 0 6 0k/0k"
add name=SILVER rate-limit="51200k/102400k 0 0 0 1 0k/0k"
add local-address=168.197.196.226 name=PLATINUM rate-limit="7168k/25600k 0 0 0 6 0k/0k" remote-address=pppoe-pool-sb use-compression=no
add name=NODO rate-limit="20480k/102400k 0 0 0 1 0k/0k"
add name=MUNIPLAT rate-limit="7168k/20480k 0 0 0 1 0k/0k"
add name=HIBUSS rate-limit="12288k/12288k 0 0 0 1 0k/0k"
add name=GOLD rate-limit="5120k/15360k 0 0 0 7 0k/0k"
add name=GEOTUB rate-limit="50960k/50960k 0 0 0 1 0k/0k"
add local-address=172.16.8.1 name=DIAMOND rate-limit=900M/900M remote-address=pppoe-pool-ftth use-compression=no
add name="CABA\D1AS" rate-limit="30720k/51200k 0 0 0 1 0k/0k"
add name=BUSINESS rate-limit="61440k/61440k 0 0 0 5 0k/0k"
add name=FA6M rate-limit="25000k/100000k 0 0 0 1 0k/0k"
add name=LTU rate-limit="20480k/71680k 0 0 0 1 0k/0k"
add dns-server=185.180.9.62 local-address=172.16.8.1 name=pppoe-ftth only-one=yes queue-type=default-small/default-small remote-address=pppoe-pool-ftth use-mpls=no

/routing id
add disabled=no id=10.255.255.13 name=ospf_id select-dynamic-id=""

# OSPFv2 is active; the OSPFv3 instance and area exist but are disabled.
/routing ospf instance
add disabled=no name=ospf-backbone_v2 router-id=ospf_id
add disabled=yes name=ospf-instance-backbone_v3 router-id=ospf_id version=3

/routing ospf area
add disabled=no instance=ospf-backbone_v2 name=ospf-area-backbone_v2
add disabled=yes instance=ospf-instance-backbone_v3 name=ospf-area-backbone_v3

# SNMP community limited to two NOC hosts.
# NOTE(review): the community name matches the pnet user group name and is
# also used as trap-community with trap-version=2 below; v2c community strings
# travel unencrypted, so consider SNMPv3 or a non-guessable community.
/snmp community
add addresses=192.168.200.253/32,192.168.200.155/32 name=pnet

# Log destinations: rotating disk files plus three remote syslog receivers.
# NOTE(review): the Grafana actions use src-address=10.99.0.5, which is not one
# of the addresses assigned in this export (10.99.0.84, 10.10.1.2) - confirm
# these remote logs are actually delivered.
/system logging action
add disk-file-count=5 disk-file-name=Critical name=CriticalLogs target=disk
add disk-file-count=5 disk-file-name=Error name=ErrorLogs target=disk
add disk-file-count=5 disk-file-name=Info name=InfoLogs target=disk
add disk-file-count=5 disk-file-name=Interfaces name=InterfacesLogs target=disk
add disk-file-count=5 disk-file-name=Warning name=WarningLogs target=disk
add name=DudeLogs remote=192.168.200.253 remote-log-format=syslog syslog-facility=local6 target=remote
add name=GrafanaLogs remote=192.168.200.168 remote-log-format=syslog src-address=10.99.0.5 target=remote
add name=GrafanaLogsAlert remote=192.168.200.168 remote-log-format=syslog src-address=10.99.0.5 syslog-facility=local1 syslog-severity=alert target=remote
add name=GrafanaLogsInfo remote=192.168.200.168 remote-log-format=syslog src-address=10.99.0.5 syslog-facility=local1 syslog-severity=info target=remote
add disk-file-count=5 disk-file-name=OSPF name=OSPFLogs target=disk
add disk-file-count=5 disk-file-name=PPPoE name=PPPoELogs target=disk

# User groups. oxidized is limited to ssh+read and lacks "sensitive"; dude can
# write and reboot over winbox/web; pnet holds every policy except password.
# NOTE(review): pnet includes telnet, ftp, sniff, sensitive and romon. The
# telnet and ftp services are disabled under /ip service, but the group is
# effectively full admin - keep its membership minimal. User accounts are not
# part of this export.
/user group
add name=dude policy="local,reboot,read,write,test,winbox,web,!telnet,!ssh,!ftp,!policy,!password,!sniff,!sensitive,!api,!romon,!rest-api"
add name=oxidized policy="ssh,read,!local,!telnet,!ftp,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!rest-api"
add name=pnet policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,web,sniff,sensitive,api,romon,rest-api,!password"

/interface bridge port
add bridge=bridge_vlan99 interface=ether1
add bridge=bridge_vlan99 interface=vlan99

/ip settings
set tcp-syncookies=yes

/interface list member
add interface=bridge_vlan99 list=MGMT

# PPPoE servers on the two subscriber VLANs.
# NOTE(review): chap and mschap1 are accepted alongside mschap2; if every CPE
# supports it, limiting authentication to mschap2 drops the weaker methods.
/interface pppoe-server server
add authentication=chap,mschap1,mschap2 default-profile=PLATINUM disabled=no interface=vlan1070 keepalive-timeout=20 max-mru=1480 max-mtu=1480 service-name=pppoe-service
add authentication=chap,mschap1,mschap2 default-profile=DIAMOND disabled=no interface=vlan2861 max-mru=1480 max-mtu=1480 service-name=pppoe-service-ftth

/ip address
add address=10.99.0.84/24 interface=bridge_vlan99 network=10.99.0.0
add address=10.10.1.2/30 interface=vlan1070 network=10.10.1.0

/ip dns
set servers=8.8.8.8,2001:4860:4860::8888,1.1.1.1,2606:4700:4700::1111

# IPv4 filter. Rule order matters: the forward chain has no final drop, and
# the input chain ends in an explicit drop.
/ip firewall filter
# Suspended-subscriber rules: drop traffic from list Clientes-Cortados unless
# the destination port is 80, 53 or 23. The list itself is not defined in this
# export (presumably filled dynamically - confirm).
# NOTE(review): src-port=!23 also exempts every packet sourced from port 23,
# whatever its destination port - confirm that exemption is intended.
add action=drop chain=forward comment="Block Rule" dst-port=!80,53,23 protocol=tcp src-address-list=Clientes-Cortados src-port=!23
add action=drop chain=forward comment="Block Rule" dst-port=!80,53,23 protocol=udp src-address-list=Clientes-Cortados src-port=!23
add action=fasttrack-connection chain=forward comment="default configuration" connection-state=established,related disabled=yes hw-offload=yes
add action=accept chain=forward comment="accept established and related connections" connection-state=established,related
# NOTE(review): "untracked" is accepted here while /ip firewall raw below marks
# all OSPF as notrack on every interface, so OSPF packets from any interface
# match this rule and the interface-scoped "Allow OSPF" rules never decide.
add action=accept chain=input comment="Allow Established/Related/Untracked connections" connection-state=established,related,untracked
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid
add action=accept chain=input comment="Allow ICMP" protocol=icmp
add action=accept chain=input comment="Allow OSPF" in-interface=bridge_vlan99 protocol=ospf
add action=accept chain=input in-interface=lo protocol=ospf
# NOTE(review): accepts every UDP datagram addressed to the router from any
# interface, subscriber and upstream sides included. SNMP is enabled below, and
# any other UDP listener is exposed the same way; consider narrowing this to
# the ports and interfaces actually needed.
add action=accept chain=input comment="Allow UDP" protocol=udp
add action=accept chain=input comment="Allow Oxidized" dst-port=22 in-interface=bridge_vlan99 protocol=tcp
# NOTE(review): Winbox is accepted from any source on any interface, and
# /ip service sets no address= restriction for winbox. Consider scoping this
# rule with in-interface-list=MGMT or a src-address of the NOC networks.
add action=accept chain=input comment="Allow Winbox" dst-port=8291 protocol=tcp
# NOTE(review): 8728 is the unencrypted API service and api-ssl is disabled
# below, so API credentials cross the network in clear text from
# 168.197.196.100; consider api-ssl.
add action=accept chain=input comment=API dst-port=8728 protocol=tcp src-address=168.197.196.100
add action=drop chain=input comment="Drop everything else"

# Source NAT for the private FTTH pool and for the router's own vlan1070 address.
/ip firewall nat
add action=src-nat chain=srcnat comment=SRC-NAT_FTTH out-interface=vlan1070 src-address=172.16.8.0/23 to-addresses=168.197.196.254
add action=src-nat chain=srcnat comment=SRC-NAT_FTTH out-interface=vlan1070 src-address=10.10.1.2 to-addresses=168.197.196.254

# OSPF bypasses connection tracking in both directions; no interface is
# specified, so this applies to OSPF arriving on any interface.
/ip firewall raw
add action=notrack chain=prerouting comment="No track - OSPF" protocol=ospf
add action=notrack chain=output protocol=ospf

# Connection-tracking helpers switched off.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes

/ip route
add comment=RED_NOC disabled=no distance=1 dst-address=192.168.200.0/24 gateway=10.99.0.1 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment=RED_VPN-L2TP disabled=no distance=1 dst-address=10.100.0.0/24 gateway=10.99.0.1 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=10.10.1.1 routing-table=main scope=30 suppress-hw-offload=no target-scope=10

# Management services: ftp, telnet, www and api-ssl are off; ssh and api are
# pinned to single source addresses. winbox does not appear here, so nothing in
# this export restricts it at the service level.
/ip service
set ftp disabled=yes
set ssh address=192.168.200.155/32
set telnet disabled=yes
set www disabled=yes
set api address=168.197.196.100/32
set api-ssl disabled=yes

# IPv6 filter: input chain only. No forward-chain rules appear, so traffic to
# the delegated subscriber prefixes is not filtered by this router.
# NOTE(review): OSPF is accepted on any interface here, while the OSPFv3
# instance is disabled above.
# NOTE(review): the pppoe-sb profile delegates prefixes (dhcpv6-pd-pool), but
# only the DHCPv6 client port 546 is admitted - confirm delegation works behind
# the final drop.
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept OSPF" protocol=ospf
add action=drop chain=input comment="defconf: drop everything"

/ipv6 nd
set [ find default=yes ] disabled=yes
add advertise-dns=no interface=vlan1070 managed-address-configuration=yes other-configuration=yes

# Front-panel LCD is read-only with touch input disabled.
/lcd
set backlight-timeout=never color-scheme=dark default-screen=stat-slideshow read-only-mode=yes touch-screen=disabled

/lcd interface
set combo1 disabled=yes
set ether1 disabled=yes
set ether2 disabled=yes
set ether3 disabled=yes
set ether4 disabled=yes
set ether5 disabled=yes
set ether6 disabled=yes
set ether7 disabled=yes

/ppp aaa
set enable-ipv6-accounting=yes

# Local PPPoE accounts. No password= values appear (presumably the export was
# taken without sensitive values - confirm).
# NOTE(review): the comments hold subscriber names, so the export is personal data.
/ppp secret
add name=MT-User profile=pppoe-sb service=pppoe
add comment=Estudio name=estudio profile=PLATINUM service=pppoe
add comment="Pozzi Antonella" name=pozziantonella profile=PLATINUM service=pppoe
add comment="Pozzi Carolina" name=pozzicarolina profile=PLATINUM service=pppoe
add comment="Pozzi Andres" name=pozzi_andres profile=DIAMOND service=pppoe
add comment="Martinez Geromini Lautaro Leonel" name=Martinez_Lautaro profile=DIAMOND service=pppoe

# OSPF runs on the management bridge and loopback only; the vlan1070 template
# belongs to the disabled v3 area and is itself disabled.
# NOTE(review): no authentication setting is visible on these templates -
# confirm whether OSPF neighbours on bridge_vlan99 are authenticated.
/routing ospf interface-template
add area=ospf-area-backbone_v2 disabled=no interfaces=bridge_vlan99
add area=ospf-area-backbone_v2 disabled=no interfaces=lo
add area=ospf-area-backbone_v3 disabled=yes interfaces=vlan1070

/snmp
set contact=pnet@puntonetinternet.com enabled=yes location="Nodo SB" trap-community=pnet trap-generators=interfaces trap-interfaces=bridge_vlan99 trap-version=2

/system clock
set time-zone-autodetect=no time-zone-name=America/Argentina/Mendoza

/system identity
set name=SB_PPPoE

# Topic-to-action routing: existing rules 1-3 are pointed at the disk actions,
# then per-topic rules send copies to disk, Dude and Grafana.
/system logging
set 1 action=ErrorLogs
set 2 action=WarningLogs
set 3 action=CriticalLogs
add action=PPPoELogs topics=pppoe,info
add action=InfoLogs topics=info
add action=DudeLogs topics=info
add action=InterfacesLogs topics=interface
add action=OSPFLogs topics=route,ospf
add action=GrafanaLogsAlert topics=system,error
add action=GrafanaLogsInfo topics=system,info
add action=GrafanaLogs topics=system,info,account

/system ntp client
set enabled=yes

/system ntp client servers
add address=192.168.200.1

# NOTE(review): the job only runs "/system reboot" but is granted ftp, write,
# policy, password, sniff, sensitive and romon as well; the reboot policy alone
# looks sufficient. No interval is set, so it presumably fired once at the
# start date - confirm and remove it if it is stale.
/system scheduler
add name=Reinicio-1 on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2025-09-27 start-time=05:00:00

# NOTE(review): *F0000E is an internal id rather than an interface name,
# presumably a dynamic or removed interface - confirm and clean up.
/tool graphing interface
add interface=*F0000E