[hendry@bedroom] > /export compact hide-sensitive
# dec/08/2017 08:04:13 by RouterOS 6.40.4
# software id = 3TFL-GZ17
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = 71B207784E85
/interface bridge
add name=aa
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=AAISP user=khw@a.1
/interface wireless
# managed by CAPsMAN
# channel: 2442/20-Ce/gn(20dBm), SSID: praze, CAPsMAN forwarding
set [ find default-name=wlan1 ] ssid=MikroTik
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac(23dBm), SSID: praze, CAPsMAN forwarding
set [ find default-name=wlan2 ] ssid=MikroTik
/caps-man datapath
add bridge=aa name=aaout
/caps-man configuration
add country="united kingdom" datapath=aaout name=Praze ssid=praze
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool0 ranges=81.187.180.130-81.187.180.190
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=aa name=dhcp1
/queue tree
add max-limit=1448k name=Upload parent=AAISP queue=default
add limit-at=800k max-limit=800k name=Upload-UDP packet-mark=UDP parent=Upload
add name=Upload-Else packet-mark=Else parent=Upload queue=default
/caps-man access-list
add action=accept disabled=yes interface=all signal-range=-80..120
add action=reject disabled=yes interface=all signal-range=-120..-81
/caps-man manager
set enabled=yes upgrade-policy=suggest-same-version
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=Praze name-format=prefix-identity name-prefix=P
/interface bridge port
add bridge=aa interface=ether2
add bridge=aa interface=ether3
add bridge=aa interface=ether4
add bridge=aa interface=ether5
/interface wireless cap
#
set caps-man-addresses=127.0.0.1 discovery-interfaces=aa enabled=yes interfaces=wlan1,wlan2
/ip address
add address=81.187.180.129/26 interface=ether2 network=81.187.180.128
/ip dhcp-server network
add address=81.187.180.128/26 dns-server=81.187.180.129 gateway=81.187.180.129
/ip dns
set allow-remote-requests=yes servers=217.169.20.20,217.169.20.21,2001:8b0::2020,2001:8b0::2021
/ip firewall filter
add action=accept chain=forward comment="LAN traffic can go anywhere" in-interface=aa
add action=accept chain=forward comment="Established traffic" connection-state=established
add action=accept chain=forward comment="Related traffic" connection-state=related
add action=accept chain=forward disabled=yes protocol=udp
add action=accept chain=forward comment=ICMP protocol=icmp
add action=drop chain=forward comment="Drop the rest"
add action=accept chain=output
add action=accept chain=input comment="LAN traffic can go anywhere" in-interface=aa
add action=accept chain=input comment="Established traffic" connection-state=established
add action=accept chain=input comment="Related traffic" connection-state=related
add action=accept chain=input dst-port=80 protocol=tcp src-address=132.147.74.159
add action=accept chain=input comment=ICMP protocol=icmp
add action=accept chain=input comment="allow ssh" dst-port=22 protocol=tcp src-address=132.147.74.159
add action=accept chain=input comment="CAPs to CAPsMAN" dst-port=5246,5247 protocol=udp src-address=127.0.0.1
add action=drop chain=input comment="Drop the rest"
/ip firewall mangle
add action=set-priority chain=postrouting new-priority=from-dscp-high-3-bits passthrough=yes
add action=mark-packet chain=prerouting new-packet-mark=UDP passthrough=no protocol=udp
add action=mark-packet chain=prerouting new-packet-mark=Else passthrough=no
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/system clock
set time-zone-name=Europe/London
/system identity
set name=bedroom
/tool graphing interface
add interface=AAISP