# Configuration export for the MikroTik CRS309-1G-8S+ switch whose identity is set
# to SW1_L2_SB below, preceded by routerboard, package and change-history summaries.
# The header carries the device serial number and the body carries management
# addresses and an SNMP community name, so handle this file as sensitive.
#
# routerboard: yes
# model: CRS309-1G-8S+
# revision: r2
# serial-number: D84A0F743EBB
# firmware-type: dx3230L
# factory-firmware: 6.47.10
# current-firmware: 7.19.4
# upgrade-firmware: 7.19.4
#
# channel: stable
# installed-version: 7.19.4
#
# Flags: U - UNDOABLE
# Columns: ACTION, BY, POLICY, TIME
# ACTION BY POLICY TIME
# U item changed marcos write 2025-09-25 21:01:19
# U script removed marcos write 2025-09-24 13:35:56
# U changed script settings marcos write 2025-09-24 13:34:30
# U new script added marcos write 2025-09-24 13:32:04
# U script removed marcos write 2025-09-24 13:30:34
# U changed script settings marcos write 2025-09-24 13:29:58
# U changed script settings marcos write 2025-09-24 13:29:17
# U changed script settings marcos write 2025-09-24 13:28:51
# U changed script settings marcos write 2025-09-24 13:27:36
# U changed script settings marcos write 2025-09-24 13:27:08
# U changed script settings marcos write 2025-09-24 13:26:26
# U changed script settings marcos write 2025-09-24 13:24:35
# U new script added marcos write 2025-09-24 13:22:07
# U script removed marcos write 2025-09-24 13:20:56
# U script removed marcos write 2025-09-24 13:20:54
# U changed scheduled script settings marcos write 2025-09-24 12:56:21
# U changed script settings marcos write 2025-09-24 12:53:57
# U changed scheduled script settings marcos write 2025-09-24 11:51:14
# U changed scheduled script settings marcos write 2025-09-24 11:50:24
# U changed scheduled script settings marcos write 2025-09-24 11:49:53
# U changed script settings marcos write 2025-09-24 11:49:21
# U new script added marcos write 2025-09-24 11:48:58
#
# 2025-10-01 06:18:05 by RouterOS 7.19.4
# software id = 6RC6-1UIX
#
# model = CRS309-1G-8S+
# serial number = D84A0F743EBB

# Single VLAN-aware bridge carrying every switched port.
# NOTE(review): vlan-filtering=yes is combined with ingress-filtering=no here and
# on six of the eight bridge ports further down. With ingress filtering off, a
# port does not check a received frame's VLAN ID against the bridge VLAN table,
# so the tagged= lists constrain egress only. Confirm this is intentional on the
# carrier-facing trunks.
/interface bridge
add fast-forward=no igmp-snooping=yes igmp-version=3 ingress-filtering=no mld-version=2 multicast-querier=yes name=bridge_MAIN port-cost-mode=short priority=0x1000 vlan-filtering=yes

# Port labels; loop-protect is enabled on sfp-sfpplus1, 4, 7 and 8 only.
# NOTE(review): sfp-sfpplus1 is labelled LIBRE yet is still added to the bridge
# below; if the port is unused, disabling it would remove an open attachment point.
/interface ethernet
set [ find default-name=ether1 ] comment="UNTAGGED VLAN99"
set [ find default-name=sfp-sfpplus1 ] comment=LIBRE loop-protect=on
set [ find default-name=sfp-sfpplus2 ] comment=BOND_MAIN
set [ find default-name=sfp-sfpplus4 ] comment="TRUNK_MAIN (WESTNET)" loop-protect=on
set [ find default-name=sfp-sfpplus5 ] comment="TRUNK_SB-FO - REDUNDANCY"
set [ find default-name=sfp-sfpplus6 ] comment="TRUNK_SB-FO - FIBRA RECUPERADA"
set [ find default-name=sfp-sfpplus7 ] comment="TRUNK_MAIN (MEGAS MAYORISTA)" loop-protect=on
set [ find default-name=sfp-sfpplus8 ] comment=TRUNK_SW0_L2 loop-protect=on

# VLAN 99 interface on the bridge; it receives the management address below.
/interface vlan
add interface=bridge_MAIN name=vlan99 vlan-id=99

# 802.3ad bond of sfp-sfpplus2 and sfp-sfpplus3.
/interface bonding
add comment="TRUNK_MAIN (BGP_CORE)" mode=802.3ad name=bond_MAIN slaves=sfp-sfpplus2,sfp-sfpplus3 transmit-hash-policy=layer-2-and-3

# Interface list used by neighbor discovery; members are ether1 and vlan99 (see below).
/interface list
add name=MGMT
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2

# SNMP community limited to two source addresses.
# NOTE(review): authentication and encryption protocols are set but no security=
# value is exported, which suggests the community is still at its default security
# level and usable as a plain community string; trap-version=2 under /snmp points
# the same way. Confirm, and prefer an authenticated/private SNMPv3 setup if the
# pollers support it.
/snmp community
add addresses=192.168.200.253/32,192.168.200.155/32 authentication-protocol=SHA1 encryption-protocol=AES name=pnet

# Log destinations: five on-disk targets (5 files each) and four remote targets.
# NOTE(review): the three Grafana* actions are defined but no rule under
# /system logging in this export references them.
/system logging action
add disk-file-count=5 disk-file-name=Critical name=CriticalLogs target=disk
add disk-file-count=5 disk-file-name=Error name=ErrorLogs target=disk
add disk-file-count=5 disk-file-name=Info name=InfoLogs target=disk
add disk-file-count=5 disk-file-name=Interfaces name=InterfacesLogs target=disk
add disk-file-count=5 disk-file-name=Warning name=WarningLogs target=disk
add name=DudeLogs remote=192.168.200.253 target=remote
add name=GrafanaLogs remote=192.168.200.168 remote-log-format=syslog target=remote
add name=GrafanaLogsAlert remote=192.168.200.168 remote-log-format=syslog syslog-facility=local1 syslog-severity=alert target=remote
add name=GrafanaLogsInfo remote=192.168.200.168 remote-log-format=syslog syslog-facility=local1 syslog-severity=info target=remote

# Two custom groups. "oxidized" is limited to ssh + read with everything else
# denied. "dude" has write and reboot rights over winbox, web and rest-api.
# NOTE(review): www is disabled under /ip service, so the web and rest-api
# rights on "dude" look unused and could be dropped.
/user group
add name=dude policy="local,reboot,read,write,test,winbox,web,rest-api,!telnet,!ssh,!ftp,!policy,!password,!sniff,!sensitive,!api,!romon"
add name=oxidized policy="ssh,read,!local,!telnet,!ftp,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!rest-api"

# Bridge membership. ingress-filtering=no is set on every port except
# sfp-sfpplus7 and bond_MAIN (see the note on the bridge above).
/interface bridge port
add bridge=bridge_MAIN ingress-filtering=no interface=sfp-sfpplus1 internal-path-cost=10 path-cost=10
add bridge=bridge_MAIN ingress-filtering=no interface=sfp-sfpplus4 internal-path-cost=10 path-cost=10
add bridge=bridge_MAIN ingress-filtering=no interface=sfp-sfpplus5 internal-path-cost=10 path-cost=10 priority=0x60
add bridge=bridge_MAIN ingress-filtering=no interface=sfp-sfpplus6 internal-path-cost=10 path-cost=10 priority=0x50
add bridge=bridge_MAIN ingress-filtering=no interface=sfp-sfpplus8 internal-path-cost=10 path-cost=10
add bridge=bridge_MAIN ingress-filtering=no interface=ether1 internal-path-cost=10 path-cost=10
add bridge=bridge_MAIN interface=sfp-sfpplus7 internal-path-cost=10 path-cost=10
add bridge=bridge_MAIN interface=bond_MAIN
/ip firewall connection tracking
set udp-timeout=10s

# Neighbor discovery is limited to the MGMT list.
# NOTE(review): no /tool mac-server section is exported, so MAC-Telnet and
# MAC-Winbox are presumably at their defaults; confirm they are limited to MGMT too.
/ip neighbor discovery-settings
set discover-interface-list=MGMT
/ip settings
set max-neighbor-entries=8192

# VLAN table: which ports carry which VLAN IDs. Only VLAN 99 has an untagged
# member (ether1), and only VLAN 99 includes the bridge itself (CPU access).
/interface bridge vlan
add bridge=bridge_MAIN comment=MGMT tagged=bridge_MAIN,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus8 untagged=ether1 vlan-ids=99
add bridge=bridge_MAIN comment="SILICA + CDN" tagged=sfp-sfpplus5,sfp-sfpplus6,bond_MAIN vlan-ids=1402,1455
add bridge=bridge_MAIN comment=FO-VQZ_Nodo tagged=sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus8 vlan-ids=100,101,102,104,107,111,112,170
add bridge=bridge_MAIN comment=FLB_Nodo tagged=sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus8 vlan-ids=20,21,22,24,26,27,28,29,30-36,105,542
add bridge=bridge_MAIN comment=TEMP tagged=sfp-sfpplus8,sfp-sfpplus6 vlan-ids=601
add bridge=bridge_MAIN comment=MEGAS tagged=sfp-sfpplus7,bond_MAIN vlan-ids=203
add bridge=bridge_MAIN comment=WESTNET tagged=sfp-sfpplus4,bond_MAIN vlan-ids=3315
add bridge=bridge_MAIN comment=NETVIDEO+IPTV tagged=sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus8 vlan-ids=1005
add bridge=bridge_MAIN comment=WESTNET_FTTH tagged=sfp-sfpplus4,sfp-sfpplus8 vlan-ids=2861
/interface list member
add interface=ether1 list=MGMT
add interface=vlan99 list=MGMT

# NOTE(review): the OpenVPN server entry lists md5 and sha1 as accepted auth
# digests and no disabled= value is exported, so its state cannot be read from
# here. If the server is not used, confirm it is disabled; if it is, drop md5.
/interface ovpn-server server
add auth=sha1,md5 mac-address=FE:3E:59:C0:BD:03 name=ovpn-server1

# The switch's only address: 10.99.0.101/24 on the management VLAN interface.
/ip address
add address=10.99.0.101/24 interface=vlan99 network=10.99.0.0
/ip dns
set servers=8.8.8.8,1.1.1.1

# Input chain, evaluated top to bottom: drop invalid, accept
# established/related/untracked, accept UDP, ICMP, TCP 22 and TCP 8291, then drop
# everything else. The log rule ahead of the final drop is disabled, so dropped
# attempts leave no record.
# NOTE(review): "Allow UDP" has no source, port or interface match, so every UDP
# service on the switch (SNMP is enabled below) is reachable from any address
# that can route to 10.99.0.101. The TCP 22 and 8291 rules have no src-address
# either; SSH is narrowed to one host under /ip service, but no equivalent
# restriction is exported for Winbox. Consider matching these rules on
# src-address or in-interface-list=MGMT and enabling the log rule.
/ip firewall filter
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid
add action=accept chain=input comment="Allow Established/Related/Untracked connections" connection-state=established,related,untracked
add action=accept chain=input comment="Allow UDP" protocol=udp
add action=accept chain=input comment="Allow ICMP" protocol=icmp
add action=accept chain=input comment=Oxidized dst-port=22 protocol=tcp
add action=accept chain=input comment="Allow Winbox" dst-port=8291 protocol=tcp
add action=log chain=input comment="Log everything else" disabled=yes log-prefix="DROP INPUT"
add action=drop chain=input comment="Drop everything else"

# All listed connection-tracking helpers are switched off.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=10.99.0.1

# Management services: ftp, telnet, www, api and api-ssl are disabled; ssh is
# limited to 192.168.200.155/32.
# NOTE(review): winbox is not listed, so it presumably runs with no address
# restriction; an address= list like the one on ssh would close that gap.
/ip service
set ftp disabled=yes
set ssh address=192.168.200.155/32
set telnet disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/flash/pub

# NOTE(review): BFD is enabled on all interfaces while the only exported OSPF
# area is disabled and no BGP connection is visible; with the accept-all-UDP
# input rule, confirm BFD is needed and scope it to the interfaces that use it.
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5

# SNMP agent enabled; version 2 traps for interface events use community "pnet".
/snmp
set contact=noc@puntonetinternet.com enabled=yes location="NOC SB" trap-community=pnet trap-generators=interfaces trap-interfaces=vlan99 trap-version=2
/system clock
set time-zone-name=America/Argentina/Mendoza
/system identity
set name=SW1_L2_SB

# Logging rules 0-3 are pointed at the on-disk actions; interface events go to
# disk and the info topic is also sent to the remote DudeLogs target.
# NOTE(review): rules 0-3 are presumably the default info/error/warning/critical
# rules. If so, error, warning and critical messages stay on local disk only and
# would not survive tampering on the device; consider forwarding them to a
# remote target as well.
/system logging
set 0 action=InfoLogs
set 1 action=ErrorLogs
set 2 action=WarningLogs
set 3 action=CriticalLogs
add action=InterfacesLogs topics=interface
add action=DudeLogs topics=info
/system ntp client
set enabled=yes
/system ntp client servers
add address=192.168.200.1
/system routerboard settings
set auto-upgrade=yes

# Scheduled jobs: the backup mailer every 2w1d, two reboot entries, and a
# disabled MonitorTraffic entry.
# NOTE(review): every entry carries the same broad policy set (including
# password, sensitive, sniff and policy); the reboot entries need far less.
# Reinicio-1 and Reinicio-2 have no interval and a start date earlier than the
# export timestamp, so they look like leftover one-shot jobs. MonitorTraffic
# names a script that is not present in this export. Consider removing stale
# entries and trimming each policy to what the job uses.
/system scheduler
add interval=2w1d name="Envio de Backups por Correo" on-event=backup_mail policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2023-04-06 start-time=04:00:00
add name=Reinicio-1 on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2025-09-12 start-time=05:00:00
add name=Reinicio-2 on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2025-09-12 start-time=05:10:00
add disabled=yes interval=5m name=MonitorTraffic on-event=MonitorTraffic policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup

# backup_mail: logs progress, builds a file name from the identity and clock
# time, saves a system backup under that name, waits 10s, e-mails the file to a
# Gmail address and logs completion.
# NOTE(review): "/system backup save" is called without password=, so the
# backup is presumably written unencrypted (confirm for this RouterOS version),
# and it is then mailed to an external mailbox. A system backup holds the full
# device configuration, so consider setting password= from a protected value and
# sending to a mailbox the organisation controls. The saved file is never
# removed from the device by this script.
/system script
add dont-require-permissions=no name=backup_mail owner=marcos policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":log info \"backup beginning now\"\r\n:global backupfile ([/system identity get name] . \"-\" . [/system clock\_get time])\r\n/system backup save name=\$backupfile\r\n:log info \"backup pausing for 10s\"\r\n:delay 10s\r\n:log info \"backup being emailed\"\r\n/tool e-mail send to=puntonetinet@gmail.com subject=([/system identity get name] . \\ \" Backup\") from=\"MKT SW1_L2 - SB \" file=\$backupfile \r\n:log info \"backup finished\""

# Outgoing mail: TLS to mail.puntonetinternet.com on port 465, authenticating
# as noc@puntonetinternet.com. No password appears in this export.
/tool e-mail
set from="SW1_L2 - SB - (CRS309-1G-8S+) " port=465 server=mail.puntonetinternet.com tls=yes user=noc@puntonetinternet.com