MikroTik CRS109-8G-1S-2HnD-IN en S-RJ01

[test@MikroTik] > /export 

# jul/17/2023 14:27:28 by RouterOS 6.49.8

# software id = 

#

# model = CRS109-8G-1S-2HnD

# serial number = 

/interface bridge

add admin-mac= auto-mac=no comment=defconf name=bridge

/interface wireless

set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=20/40mhz-XX country=no_country_set disabled=no frequency=auto frequency-mode=manual-txpower installation=indoor mode=ap-bridge ssid= station-roaming=enabled wireless-protocol=802.11 wps-mode=disabled

/interface ethernet

set [ find default-name=sfp1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full

/interface list

add comment=defconf name=WAN

add comment=defconf name=LAN

/interface wireless security-profiles

set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk disable-pmkid=yes management-protection=allowed mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key= wpa2-pre-shared-key=

/ip pool

add name=dhcp ranges=

/ip dhcp-server

add address-pool=dhcp disabled=no interface=bridge name=defconf

/user group

set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp

/certificate settings

set crl-download=yes crl-store=system crl-use=yes

/interface bridge port

add bridge=bridge comment=defconf interface=ether2

add bridge=bridge comment=defconf interface=ether3

add bridge=bridge comment=defconf interface=ether4

add bridge=bridge comment=defconf interface=ether5

add bridge=bridge comment=defconf interface=ether6

add bridge=bridge comment=defconf interface=ether7

add bridge=bridge comment=defconf interface=ether8

add bridge=bridge comment=defconf disabled=yes interface=sfp1

add bridge=bridge comment=defconf interface=wlan1

add bridge=bridge hw=no interface=ether1

/ip neighbor discovery-settings

set discover-interface-list=LAN

/interface detect-internet

set detect-interface-list=all internet-interface-list=all lan-interface-list=all wan-interface-list=all

/interface list member

add comment=defconf interface=bridge list=LAN

add interface=sfp1 list=WAN

/ip address

add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0

/ip dhcp-client

# DHCP client can not run on slave interface!

add comment=defconf disabled=no interface=ether1

/ip dhcp-server network

add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1

/ip dns

set allow-remote-requests=yes

/ip dns static

add address=192.168.88.1 name=router.lan

/ip firewall filter

add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec

add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related

add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked

add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid

add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

add action=accept chain=input protocol=icmp

add action=accept chain=input connection-state=established

add action=accept chain=input connection-state=related

add action=drop chain=input in-interface-list=!LAN

/ip firewall nat

add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN

/ip route

add disabled=yes distance=1 gateway=192.168.178.1

/ip service

set telnet disabled=yes

set ftp disabled=yes

set ssh disabled=yes

set www-ssl disabled=no tls-version=only-1.2

/lcd interface pages

set 0 interfaces=wlan1

/system clock

set time-zone-name=Europe/Amsterdam

/tool mac-server

set allowed-interface-list=LAN

/tool mac-server mac-winbox

set allowed-interface-list=LAN