# routerboard: yes # model: CRS309-1G-8S+ # serial-number: CB790CC9A8BD # firmware-type: dx3230L # factory-firmware: 6.45.8 # current-firmware: 7.19.4 # upgrade-firmware: 7.19.4 # # channel: stable # installed-version: 7.19.4 # # Flags: U - UNDOABLE # Columns: ACTION, BY, POLICY, TIME # ACTION BY POLICY TIME # U item changed marcos write 2025-09-16 10:38:51 # U item changed marcos write 2025-09-16 10:38:39 # U item changed marcos write 2025-09-15 20:55:14 # U item changed marcos write 2025-09-15 19:42:55 # # 2025-10-01 06:16:25 by RouterOS 7.19.4 # software id = WU8U-UGQ6 # # model = CRS309-1G-8S+ # serial number = CB790CC9A8BD /interface bridge add fast-forward=no igmp-snooping=yes igmp-version=3 ingress-filtering=no mld-version=2 multicast-querier=yes name=bridge_MAIN port-cost-mode=short vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] comment="UNTAGGED VLAN99" set [ find default-name=sfp-sfpplus1 ] comment="TRUNK_MAIN - (R50-SB)" loop-protect=on set [ find default-name=sfp-sfpplus2 ] comment=R50_GPON loop-protect=on set [ find default-name=sfp-sfpplus3 ] comment="TRUNK_R50-SB - WIRELESS - REDUNDANCY" loop-protect=on set [ find default-name=sfp-sfpplus4 ] auto-negotiation=no comment="R50_GPON_por problemas en boca 2" loop-protect=on speed=1G-baseX set [ find default-name=sfp-sfpplus5 ] comment=R50_Nodo loop-protect=on set [ find default-name=sfp-sfpplus6 ] comment=TRUNK_JDN-SR-BRS_Nodo loop-protect=on set [ find default-name=sfp-sfpplus7 ] comment=TRUNK_MKL_Nodo loop-protect=on set [ find default-name=sfp-sfpplus8 ] comment=TRUNK_VQZ_Nodo loop-protect=on /interface vlan add interface=bridge_MAIN name=vlan99 vlan-id=99 /interface list add name=MGMT /interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no /ip smb users set [ find default=yes ] disabled=yes /port set 0 name=serial0 /routing bgp template set default disabled=no output.network=bgp-networks /routing ospf instance add disabled=no name=default-v2 /routing ospf area add disabled=yes instance=default-v2 name=backbone-v2 /snmp community add addresses=192.168.200.253/32,192.168.200.155/32 authentication-protocol=SHA1 encryption-protocol=AES name=pnet /system logging action add disk-file-count=5 disk-file-name=Critical name=CriticalLogs target=disk add disk-file-count=5 disk-file-name=Error name=ErrorLogs target=disk add disk-file-count=5 disk-file-name=Info name=InfoLogs target=disk add disk-file-count=5 disk-file-name=Interfaces name=InterfacesLogs target=disk add disk-file-count=5 disk-file-name=Warning name=WarningLogs target=disk add name=DudeLogs remote=192.168.200.253 target=remote /user group add name=dude policy="local,reboot,read,write,test,winbox,web,rest-api,!telnet,!ssh,!ftp,!policy,!password,!sniff,!sensitive,!api,!romon" add name=oxidized policy="ssh,read,!local,!telnet,!ftp,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!rest-api" /interface bridge port add bridge=bridge_MAIN ingress-filtering=no interface=ether1 internal-path-cost=10 path-cost=10 add bridge=bridge_MAIN ingress-filtering=no interface=sfp-sfpplus1 internal-path-cost=10 path-cost=10 add bridge=bridge_MAIN ingress-filtering=no interface=sfp-sfpplus2 internal-path-cost=10 path-cost=10 add bridge=bridge_MAIN ingress-filtering=no interface=sfp-sfpplus6 internal-path-cost=10 path-cost=10 add bridge=bridge_MAIN ingress-filtering=no interface=sfp-sfpplus7 internal-path-cost=10 path-cost=10 add bridge=bridge_MAIN ingress-filtering=no interface=sfp-sfpplus8 internal-path-cost=10 path-cost=10 add bridge=bridge_MAIN ingress-filtering=no interface=sfp-sfpplus3 internal-path-cost=10 path-cost=10 add bridge=bridge_MAIN ingress-filtering=no interface=sfp-sfpplus5 internal-path-cost=10 path-cost=10 add bridge=bridge_MAIN interface=sfp-sfpplus4 /ip firewall connection tracking set udp-timeout=10s /ip neighbor discovery-settings set discover-interface-list=MGMT /ip settings set max-neighbor-entries=8192 /interface bridge vlan add bridge=bridge_MAIN comment=VLAN99 tagged="bridge_MAIN,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7,sfp-sfpplus8" untagged=ether1 vlan-ids=99 add bridge=bridge_MAIN comment=R50_Nodo tagged=sfp-sfpplus1,sfp-sfpplus3,sfp-sfpplus5 vlan-ids=23,80,81 add bridge=bridge_MAIN comment=MKL_Nodo tagged=sfp-sfpplus7,sfp-sfpplus5 vlan-ids=160 add bridge=bridge_MAIN comment=R50_GPON tagged=sfp-sfpplus2,sfp-sfpplus5,sfp-sfpplus4 vlan-ids=800 add bridge=bridge_MAIN comment=JDN-SR-BRS_Nodos tagged=sfp-sfpplus1,sfp-sfpplus3,sfp-sfpplus6 vlan-ids=109,150,151,152,153 add bridge=bridge_MAIN comment=VQZ_Nodo tagged=sfp-sfpplus1,sfp-sfpplus3,sfp-sfpplus8 vlan-ids=170 add bridge=bridge_MAIN comment=TEMP tagged=sfp-sfpplus1,sfp-sfpplus3,sfp-sfpplus5 vlan-ids=601 add bridge=bridge_MAIN comment=NETVIDEO+IPTV+CAMARAS tagged="bridge_MAIN,sfp-sfpplus1,sfp-sfpplus3,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus8" vlan-ids=1005,1020 add bridge=bridge_MAIN comment="PUBLICA_Choque Ariel Leonardo" tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3 vlan-ids=82 /interface list member add interface=ether1 list=MGMT add interface=vlan99 list=MGMT /interface ovpn-server server add auth=sha1,md5 mac-address=FE:7E:B8:C2:90:BA name=ovpn-server1 /ip address add address=10.99.0.104/24 interface=vlan99 network=10.99.0.0 add address=168.197.196.70/30 interface=*E network=168.197.196.68 /ip dns set servers=1.1.1.1,8.8.8.8 /ip firewall filter add action=drop chain=input comment="Drop invalid connections" connection-state=invalid add action=accept chain=input comment="Allow Established/Related/Untracked connections" connection-state=established,related,untracked add action=accept chain=input comment="Allow UDP" protocol=udp add action=accept chain=input comment="Allow ICMP" protocol=icmp add action=accept chain=input comment=Oxidized dst-port=22 protocol=tcp add action=accept chain=input comment="Allow Winbox" dst-port=8291 protocol=tcp add action=log chain=input comment="Log everything else" disabled=yes log-prefix="DROP INPUT" add action=drop chain=input comment="Drop everything else" /ip firewall service-port set ftp disabled=yes set tftp disabled=yes set h323 disabled=yes set sip disabled=yes set pptp disabled=yes set udplite disabled=yes set dccp disabled=yes set sctp disabled=yes /ip hotspot profile set [ find default=yes ] html-directory=hotspot /ip ipsec profile set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 /ip route add disabled=no dst-address=0.0.0.0/0 gateway=10.99.0.1 /ip service set ftp disabled=yes set ssh address=192.168.200.155/32 set telnet disabled=yes set www disabled=yes set api disabled=yes set api-ssl disabled=yes /ip smb shares set [ find default=yes ] directory=/flash/pub /routing bfd configuration add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5 /snmp set contact=noc@puntonetinternet.com enabled=yes location="R50 Nodo" trap-community=pnet trap-generators=interfaces trap-interfaces=vlan99 trap-version=2 /system clock set time-zone-name=America/Argentina/Mendoza /system identity set name=SW4_L2_R50 /system logging set 0 action=InfoLogs set 1 action=ErrorLogs set 2 action=WarningLogs set 3 action=CriticalLogs add action=InterfacesLogs topics=interface add action=DudeLogs topics=account /system ntp client set enabled=yes /system ntp client servers add address=192.168.200.1 /system routerboard settings set auto-upgrade=yes /system scheduler add interval=2w1d name="Envio de Backups por Correo" on-event=backup_mail policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2023-04-06 start-time=04:00:00 add name=Reinicio-1 on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2025-09-12 start-time=05:00:00 add name=Reinicio-2 on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2025-09-12 start-time=05:10:00 /system script add dont-require-permissions=no name=backup_mail owner=marcos policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":log info \"backup beginning now\"\r\n:global backupfile ([/system identity get name] . \"-\" . [/system clock\_get time])\r\n/system backup save name=\$backupfile\r\n:log info \"backup pausing for 10s\"\r\n:delay 10s\r\n:log info \"backup being emailed\"\r\n/tool e-mail send to=puntonetinet@gmail.com subject=([/system identity get name] . \\ \" Backup\") from=\"MKT SW4_L2 - R50 \" file=\$backupfile \r\n:log info \"backup finished\"" /tool e-mail set from="SW4_L2 - R50 - (CRS309-1G-8S+) " port=465 server=mail.puntonetinternet.com tls=yes user=noc@puntonetinternet.com