# routerboard: yes # model: CCR1036-8G-2S+ # revision: r2 # serial-number: 968E0AF6346C # firmware-type: tilegx # factory-firmware: 6.43.5 # current-firmware: 6.43.16 # upgrade-firmware: 6.48.6 # # channel: long-term # installed-version: 6.48.6 # # Flags: U - undoable, R - redoable, F - floating-undo # ACTION BY POLICY # U bgp peer MG-V4 changed kadu write # U bgp peer MG-V4 changed kadu write # U bgp peer MG-V4 changed kadu write # U device changed kadu write # U address changed kadu write # U address changed kadu write # U address added kadu write # U device changed kadu write # U device added kadu write # U bgp peer MG-V4 changed kadu write # U bgp network 181.174.236.0/23 added kadu write # U bgp peer MG-V4 added kadu write # U item added kadu write # U item added kadu write # U item added kadu write # U bgp instance ASN_MG added kadu write # U address added kadu write # U device changed kadu write # U device added kadu write # U item changed kadu write # U bgp network 100.96.0.0/21 changed kadu write # U route removed kadu write # U route removed kadu write # U route removed kadu write # U route removed kadu write # U route removed kadu write # U route removed kadu write # U route removed kadu write # U device removed kadu write # U device removed kadu write # U device removed kadu write # U device removed kadu write # U device removed kadu write # U device removed kadu write # U device removed kadu write # U device changed kadu write # U device changed kadu write # U device changed kadu write # U RADIUS client added kadu write # U pppoe server changed kadu write # U ppp profile changed kadu write # U ppp profile changed kadu write # U pool PPPOE changed kadu write # U pool PPPOE added kadu write # U route changed kadu write # U route changed kadu write # # software id = 2JJT-M619 # # model = CCR1036-8G-2S+ # serial number = 968E0AF6346C /interface bridge add name=LOOPBACK add disabled=yes name=bridgeTRASNPORTE-MM protocol-mode=none /interface ethernet set [ find default-name=ether1 ] disabled=yes set [ find default-name=ether2 ] disabled=yes set [ find default-name=ether3 ] disabled=yes set [ find default-name=ether4 ] disabled=yes set [ find default-name=ether5 ] disabled=yes set [ find default-name=ether6 ] disabled=yes set [ find default-name=ether8 ] disabled=yes set [ find default-name=sfp-sfpplus1 ] comment="UPLINK: SWITCH BBONE-IMBAU" speed=1Gbps set [ find default-name=sfp-sfpplus2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full comment="CORE: Uplink CE IMB" disabled=yes /interface vlan add comment="GERENCIA: SWITCH JOSE LACERDA" interface=sfp-sfpplus1 name=vlan95 vlan-id=95 add comment="RB JOS\C9 LACERDA" interface=sfp-sfpplus1 name=vlan170 vlan-id=170 add comment=BGP_MG interface=sfp-sfpplus1 name=vlan908 vlan-id=908 add comment=BELAGRICOLA interface=sfp-sfpplus1 name=vlan1321 vlan-id=1321 add comment=ALT_MM_IMB interface=sfp-sfpplus1 loop-protect=off name=vlan3021-OUT vlan-id=3021 add comment="UPLINK: PGO-DBUG" interface=sfp-sfpplus1 name=vlan4009 vlan-id=4009 add comment="UPLINK: CGNAT" interface=sfp-sfpplus1 name=vlan4012-cgnat vlan-id=4012 /interface list add name=Allowed-Neighbors /ip pool add name=PPPOE ranges=192.168.40.2-192.168.40.253 /ppp profile add change-tcp-mss=yes dns-server=177.10.56.3,177.10.56.30 local-address=192.168.40.1 name=PPPOE remote-address=192.168.40.2 use-compression=no use-ipv6=no use-mpls=no /queue simple add disabled=yes limit-at=500M/500M max-limit=500M/500M name=MG-FIBRA target=sfp-sfpplus1 add disabled=yes limit-at=300M/300M max-limit=300M/300M name=queue1 target=sfp-sfpplus2 /routing bgp instance set default as=268754 router-id=45.172.2.1 add as=266491 name=AS_CBEI_ONLINE router-id=170.244.61.0 add as=271446 name=ASN_MG /routing ospf instance set [ find default=yes ] distribute-default=always-as-type-1 router-id=10.255.255.1 /routing ospf-v3 instance set [ find default=yes ] distribute-default=always-as-type-1 redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=10.255.255.1 /snmp community set [ find default=yes ] addresses=0.0.0.0/0,45.225.64.0/22,45.225.66.2/32 name=not_public_fibergiga add addresses=0.0.0.0/0,45.225.64.0/22,45.225.66.2/32 name=onnet@2017 add addresses=45.172.0.0/22,45.225.66.2/32 name=mon-fb@2019 add addresses=::/0 name=mikrotik@dbug /system logging action add name=fw target=memory add name=syslog remote=45.172.0.37 src-address=45.172.2.1 target=remote /user group set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp" /interface bridge port add bridge=bridgeTRASNPORTE-MM interface=*11 add bridge=bridgeTRASNPORTE-MM interface=vlan3021-OUT /ip neighbor discovery-settings set discover-interface-list=!dynamic /ip settings set rp-filter=loose tcp-syncookies=yes /interface bridge vlan add disabled=yes tagged=*20,*1D,*21,*25 vlan-ids=48,101,102,103,104 /interface list member add interface=vlan170 list=Allowed-Neighbors add interface=vlan4012-cgnat list=Allowed-Neighbors add interface=sfp-sfpplus2 list=Allowed-Neighbors add list=Allowed-Neighbors /interface pppoe-server server add default-profile=PPPOE disabled=no max-mru=1480 max-mtu=1480 mrru=1600 one-session-per-host=yes service-name=PPPOE add default-profile=PPPOE disabled=no service-name=service2 /interface pptp-server server set enabled=yes /ip address add address=45.172.2.1 interface=LOOPBACK network=45.172.2.1 add address=10.255.255.1/30 disabled=yes interface=sfp-sfpplus2 network=10.255.255.0 add address=192.168.90.5/24 disabled=yes interface=bridgeTRASNPORTE-MM network=192.168.90.0 add address=192.168.0.1/24 interface=ether7 network=192.168.0.0 add address=10.10.95.1/24 interface=vlan95 network=10.10.95.0 add address=10.10.1.1/30 interface=vlan170 network=10.10.1.0 add address=10.10.0.137/30 interface=vlan4012-cgnat network=10.10.0.136 add address=169.254.250.166/30 interface=vlan4009 network=169.254.250.164 add address=169.254.250.190/30 interface=vlan4009 network=169.254.250.188 add address=170.244.61.0 comment=LOOPBACK_CBEI interface=LOOPBACK network=170.244.61.0 add address=172.16.13.1/30 disabled=yes network=172.16.13.0 add address=172.16.12.1/30 disabled=yes network=172.16.12.0 add address=192.168.25.2/30 disabled=yes interface=vlan1321 network=192.168.25.0 add address=10.10.50.1/30 disabled=yes network=10.10.50.0 add address=169.254.251.38/30 interface=vlan908 network=169.254.251.36 add address=181.174.236.29/30 interface=vlan1321 network=181.174.236.28 /ip arp add address=10.10.0.110 mac-address=74:4D:28:93:09:78 /ip cloud set update-time=no /ip dns set servers=45.225.64.10,45.225.64.13,2804:46e4:0:6::10,2001:4860:4860::8888 /ip firewall nat add action=dst-nat chain=dstnat disabled=yes dst-port=53 protocol=udp to-addresses=1.1.1.1 to-ports=53 add action=src-nat chain=srcnat disabled=yes dst-address=!177.10.56.36 to-addresses=45.172.2.1 /ip firewall service-port set ftp disabled=yes set tftp disabled=yes set irc disabled=yes set h323 disabled=yes set sip disabled=yes set pptp disabled=yes set udplite disabled=yes set dccp disabled=yes set sctp disabled=yes /ip service set telnet disabled=yes port=2323 set ftp disabled=yes set www disabled=yes set ssh address=177.10.56.141/32,177.10.56.96/32,45.225.65.10/32 set api disabled=yes set winbox address=177.10.56.141/32,177.10.56.96/32,45.187.80.0/24,45.225.64.0/22 port=25000 set api-ssl disabled=yes /ip smb set allow-guests=no interfaces=LOOPBACK /ip ssh set allow-none-crypto=yes forwarding-enabled=remote /ipv6 address add address=2804:5a30:c001::1/128 advertise=no interface=LOOPBACK add address=2804:5a30:c000::1 advertise=no interface=sfp-sfpplus2 add address=2804:2e8:a:12::2 advertise=no interface=vlan4009 add address=2804:38a4:8000::/128 advertise=no comment=LOOPBACK_CBEI interface=LOOPBACK /ipv6 nd set [ find default=yes ] advertise-dns=no /ppp secret add local-address=192.168.40.254 name=onnet@default.reset remote-address=192.168.40.1 service=pppoe add name=teste password=teste service=pppoe add name=nzm password=nzm-vpn@2020 profile=PPPOE service=pptp /radius add address=177.10.56.43 comment=METRO secret=8nFLWLeDTOqt service=login src-address=170.244.61.0 timeout=3s add address=177.10.56.36 comment=RADIUS_VOALLE secret=natbier service=ppp,hotspot,wireless src-address=170.244.61.1 timeout=3s /routing bgp network add network=45.172.2.0/24 synchronize=no add network=45.172.3.0/24 synchronize=no add network=45.172.2.0/23 synchronize=no add network=45.225.64.72/29 synchronize=no add network=2804:5a30:c000::/36 synchronize=no add network=45.225.64.32/30 synchronize=no add network=170.244.61.0/24 synchronize=no add network=2804:38a4:8000::/42 synchronize=no add comment=GERENCIA_OLT network=10.10.200.76/30 synchronize=no add comment=CGNAT network=100.96.0.0/21 synchronize=no add comment=CGNAT network=100.72.0.0/22 synchronize=no add network=181.174.236.0/23 synchronize=no /routing bgp peer add address-families=ip,ipv6 in-filter=DBUG-IN name=DBUG-V4 nexthop-choice=force-self out-filter=DBUG-OUT remote-address=169.254.250.165 remote-as=262847 ttl=default add in-filter=DBUG-IN instance=AS_CBEI_ONLINE name=DBUG-V4-AS_CBEI nexthop-choice=force-self out-filter=DBUG-OUT-CBEI remote-address=169.254.250.189 remote-as=262847 ttl=default update-source=169.254.250.190 add address-families=ipv6 in-filter=DBUG-IN-V6 instance=AS_CBEI_ONLINE name=DBUG-V6-AS_CBEI nexthop-choice=force-self out-filter=DBUG-OUT-V6 remote-address=2804:2e8:a:12::1 remote-as=262847 ttl=default update-source=2804:2e8:a:12::2 add in-filter=IN-MG instance=ASN_MG name=MG-V4 out-filter=OUT-MG remote-address=169.254.251.37 remote-as=262847 update-source=vlan908 /routing filter add action=accept chain=DBUG-IN prefix=0.0.0.0/0 set-bgp-local-pref=150 add action=discard chain=DBUG-IN set-bgp-local-pref=150 add action=accept chain=DBUG-OUT prefix=45.172.2.0/23 prefix-length=23-24 add action=accept chain=DBUG-OUT-CBEI disabled=yes prefix=100.96.0.0/22 prefix-length=22 add action=accept chain=DBUG-OUT-CBEI prefix=170.244.61.0/24 prefix-length=24 add action=accept chain=DBUG-OUT-CBEI prefix=10.10.200.76/30 add action=accept chain=DBUG-OUT-CBEI prefix=100.96.0.0/21 prefix-length=21 add action=discard chain=DBUG-OUT add action=accept chain=DBUG-IN-V6 prefix=::/0 prefix-length=0 add action=discard chain=DBUG-IN-V6 add action=accept chain=DBUG-OUT-V6 prefix=2804:38a4:8000::/42 prefix-length=42 add action=discard chain=DBUG-OUT-V6 add action=accept chain=DBUG-OUT-CBEI prefix=100.72.0.0/22 prefix-length=22 add action=discard chain=DBUG-OUT-CBEI add action=accept chain=OUT-MG prefix=181.174.236.0/23 prefix-length=23 add action=discard chain=OUT-MG add action=discard chain=IN-MG /routing ospf interface add network-type=broadcast passive=yes add cost=30 interface=sfp-sfpplus2 network-type=broadcast add interface=vlan170 network-type=point-to-point add interface=vlan4012-cgnat network-type=point-to-point add network-type=point-to-point /routing ospf network add area=backbone network=45.172.2.0/23 add area=backbone network=10.0.0.0/8 add area=backbone network=10.10.1.0/30 add area=backbone network=10.10.0.136/30 add area=backbone network=10.10.50.0/30 /routing ospf-v3 interface add area=backbone interface=sfp-sfpplus2 /snmp set contact=noc@dbug.com.br enabled=yes location="[-24.4474129,-50.7589158]" src-address=170.244.61.0 trap-community=mikrotik@dbug trap-version=2 /system clock set time-zone-autodetect=no time-zone-name=America/Sao_Paulo /system clock manual set time-zone=-03:00 /system identity set name=PR-IMB-FIBERGIGA-A001-R0-CORE-001 /system logging set 0 topics=info,!bgp,!firewall add action=fw topics=info,firewall add action=syslog topics=critical add action=syslog topics=warning add action=syslog topics=account /system ntp client set enabled=yes primary-ntp=91.189.89.198 secondary-ntp=200.160.7.197 /system package update set channel=long-term /system scheduler add name=upgrade_packages on-event="/system package update set channel=long-term\r\n/system package update install" policy=reboot,read,write,policy,test,password,sensitive start-date=sep/18/2020 start-time=05:00:00 add name=upgrade_firmware on-event="/system routerboard upgrade\r\n/system reboot" policy=reboot,read,write,policy,test,password,sensitive start-date=sep/18/2020 start-time=05:05:00 /tool bandwidth-server set authenticate=no enabled=no /tool romon set enabled=yes secrets=fibergiga /user aaa set use-radius=yes