# model: CCR1009-8G-1S-1S+ # serial-number: 67530527D11C # firmware-type: tilegx # current-firmware: 6.47.3 # installed-version: 6.47.3 # Flags: U - undoable, R - redoable, F - floating-undo # ACTION BY POLICY # U item changed admin write # U changed system note settings admin write # U user wkve changed admin write # policy # U user cgr changed admin write # policy # U user wkve changed admin write # policy # U item changed admin write # U changed system note settings admin write # U user wkve changed admin write # policy # U user cgr changed admin write # policy # U user wkve changed admin write # policy # U item changed admin write # U changed system note settings admin write # U user wkve changed admin write # policy # U user cgr changed admin write # policy # U user wkve changed admin write # policy # U item changed admin write # U changed system note settings admin write # U user wkve changed admin write # policy # U user cgr changed admin write # policy # U user wkve changed admin write # policy # U item changed admin write # U changed system note settings admin write # U user wkve changed admin write # policy # U user cgr changed admin write # policy # U user wkve changed admin write # policy # U item changed admin write # U changed system note settings admin write # U user wkve changed admin write # policy # U user cgr changed admin write # policy # U user wkve changed admin write # policy # U item changed admin write # U changed system note settings admin write # U user wkve changed admin write # policy # U user cgr changed admin write # policy # U user wkve changed admin write # policy # U item changed admin write # U changed system note settings admin write # U user wkve changed admin write # policy # U user cgr changed admin write # policy # U user wkve changed admin write # policy # U item changed admin write # U changed system note settings admin write # U user wkve changed admin write # policy # U user cgr changed admin write # policy # U user wkve changed admin write # policy # U item changed admin write # U changed system note settings admin write # U user wkve changed admin write # policy # U user cgr changed admin write # policy # U user wkve changed admin write # policy # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # # software id = H0TJ-34XM # # model = CCR1009-8G-1S-1S+ # serial number = 67530527D11C /interface bridge add fast-forward=no name=BRIDGE-MG-BHE-MK-CURRAL.VOIP add fast-forward=no name=lo0 /interface ethernet set [ find default-name=ether1 ] comment="ETHERNET - MG-MRN-ACX2100-CARTUXA - ge-1/0/0 " set [ find default-name=ether2 ] comment="ETHERNET - MG-MRN-ACX2100-CARTUXA - ge-1/0/1 " set [ find default-name=ether3 ] comment="ETHERNET - MG-MRN-D6248-CARTUXA - 1/G1" set [ find default-name=ether4 ] comment="ETHERNET - MG-MRN-D6248-CARTUXA - 1/G2" set [ find default-name=ether5 ] comment="ETHERNET UPLINK - MG-ORP-TIMBOPEBA VIA METAL " speed=10Mbps set [ find default-name=ether7 ] comment="ETHERNET - GERENCIA CERAGON IP20F CARTUXA/SEARA" set [ find default-name=ether8 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment="ETHERNET - ATA MONITORAMENTO" set [ find default-name=sfp-sfpplus1 ] advertise=10M-full,100M-full,1000M-full auto-negotiation=no l2mtu=9000 speed=1Gbps set [ find default-name=sfp1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-full l2mtu=9000 /interface eoip add !keepalive local-address=172.16.163.60 mac-address=02:E2:8F:6D:69:6E name=EOIP-MG-BHE-MK-CURRAL.VOIP remote-address=172.16.215.251 tunnel-id=155 /interface vlan add comment="VLAN - PEER MG-ORP-MK-TIMBOPEBA" interface=ether5 name=ether5.1400 vlan-id=1400 add comment="VLAN - GERENCIA METAL MRN - ORP" interface=ether5 name=ether5.1815 vlan-id=1815 /interface bonding add comment="LACP - MG-MRN-D6248-CARTUXA" mode=802.3ad name=ae0 slaves=ether3,ether4 add comment="LACP - MG-MRN-ACX2100-CARTUXA" min-links=1 mode=802.3ad name=ae1 slaves=ether1,ether2 transmit-hash-policy=layer-2-and-3 /interface vlan add comment="VLAN - GERENCIA MG-MRN-D6248-CARTUXA" disabled=yes interface=ae0 name=ae0.1000 vlan-id=1000 add comment="VLAN - PEER MG-PRG-MK-REP.PIRANGA1 VIA NETMETAL" interface=ae0 name=ae0.1403 vlan-id=1403 add comment="VLAN - PEER MG-PRG-MK-PIRANGA1 VIA AIRFIBER" interface=ae0 name=ae0.1404 vlan-id=1404 add comment="VLAN - ADM RADIOS NETMETAL MRN-PRG" interface=ae0 name=ae0.2003 vlan-id=2003 add comment="VLAN - ADM RADIOS AIRFIBER MRN-PRG" interface=ae0 name=ae0.2004 vlan-id=2004 add comment="VLAN - ADM PTP PSYS BRADESCO" interface=ae0 name=ae0.2005 vlan-id=2005 add comment="VLAN - ADM PTP COCA COLA" interface=ae0 name=ae0.2006 vlan-id=2006 add comment="VLAN - ADM PTP SAMARCO - MINA GERMANO" interface=ae0 name=ae0.2007 vlan-id=2007 add comment="VLAN - GERENCIA IP20F CARTUXA/SAMARCO" interface=ae0 name=ae0.2010 vlan-id=2010 add comment="VLAN - PEER MG-MRN-ACX2100-CARTUXA" interface=ae1 name=ae1.1410 vlan-id=1410 /interface list add exclude=dynamic name=discover /ppp profile add address-list=a name="set interim-update=5m use-radius=yes" /queue type set 9 kind=sfq sfq-perturb=10 /routing bgp instance set default as=28360 router-id=172.16.163.60 /routing ospf instance set [ find default=yes ] router-id=172.16.163.60 /snmp community set [ find default=yes ] addresses=189.76.208.0/24,177.8.22.232/29,177.8.17.192/30 name=cilbup /system logging action set 3 bsd-syslog=yes remote=189.76.208.79 src-address=172.16.163.60 syslog-facility=local6 add bsd-syslog=yes name=graylog remote=189.76.208.85 syslog-facility=syslog target=remote /user group set read policy="local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,api,romon,tikapp,!ftp,!write,!policy,!sensitive,!dude" set write policy="local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,api,romon,tikapp,!ftp,!policy,!sensitive,!dude" set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp" /interface bridge port add bridge=BRIDGE-MG-BHE-MK-CURRAL.VOIP interface=EOIP-MG-BHE-MK-CURRAL.VOIP add bridge=BRIDGE-MG-BHE-MK-CURRAL.VOIP hw=no interface=ether8 /ip firewall connection tracking set enabled=no /ip neighbor discovery-settings set discover-interface-list=!dynamic /interface list member add interface=sfp-sfpplus1 list=discover add interface=ether1 list=discover add interface=ether2 list=discover add interface=ether4 list=discover add interface=ether5 list=discover add interface=ether7 list=discover add interface=BRIDGE-MG-BHE-MK-CURRAL.VOIP list=discover add interface=EOIP-MG-BHE-MK-CURRAL.VOIP list=discover add interface=ether5.1400 list=discover add interface=ether5.1815 list=discover add list=discover /ip address add address=172.16.163.30/30 comment="IP - PEER MG-ORP-MK-TIMBOPEBA" interface=ether5.1400 network=172.16.163.28 add address=172.16.163.60 comment="IP - LOOPBACK" interface=lo0 network=172.16.163.60 add address=172.16.163.89/29 comment="IP - ADM RADIOS MG-REP.PIRANGA-1" interface=ae0.2003 network=172.16.163.88 add address=172.16.163.105/30 comment="IP - PEER MG-PRG-MK-REP.PIRANGA-1" interface=ae0.1403 network=172.16.163.104 add address=172.16.163.101/30 comment="IP - PEER MG-PRG-MK-PIRANGA1 VIA AIRFIBER" interface=ae0.1404 network=172.16.163.100 add address=172.16.163.185/29 comment="IP - ADM RADIOS AIRFIBER MRN-PRG" interface=ae0.2004 network=172.16.163.184 add address=172.16.163.233/29 comment="IP - ADM PTP PSYS BRADESCO" interface=ae0.2005 network=172.16.163.232 add address=172.16.160.137/29 comment="IP - ADM PTP PSYS COCA COLA" interface=ae0.2006 network=172.16.160.136 add address=172.16.162.185/29 comment="IP - ADM PTP SAMARCO MINA GERMANO" interface=ae0.2007 network=172.16.162.184 add address=172.16.163.2/30 comment="IP - PEER MG-MRN-ACX2100-CARTUXA" interface=ae1.1410 network=172.16.163.0 add address=172.16.101.85/30 comment="IP - GERENCIA CERAGON IP20F CARTUXA/SEARA" interface=ether7 network=172.16.101.84 add address=172.16.103.81/30 comment="IP - GERENCIA CERAGON IP20F CARTUXA/SAMARCO" interface=ae0.2010 network=172.16.103.80 /ip dns set servers=177.8.8.8,177.8.8.9 /ip firewall address-list add address=172.16.0.0/12 comment=RFC1918 list=REDES-RFC1918 add address=10.0.0.0/8 comment=RFC1918 list=REDES-RFC1918 add address=192.168.0.0/16 comment=RFC1918 list=REDES-RFC1918 add address=172.16.0.0/12 comment=RFC1918 list=REDES-VITAIS add address=192.168.0.0/16 comment=RFC1918 list=REDES-VITAIS add address=10.0.0.0/8 comment=RFC1918 list=REDES-VITAIS add address=189.76.214.64/29 comment="BLOCO SERVIDORES CURRAL" list=REDES-VITAIS add address=189.76.208.64/27 comment="BLOCO SERVIDORES CURRAL" list=REDES-VITAIS add address=189.76.208.112/29 comment="BLOCO SERVIDORES CURRAL" list=REDES-VITAIS add address=189.76.208.128/29 comment="BLOCO SERVIDORES CURRAL" list=REDES-VITAIS add address=189.76.208.160/27 comment="BLOCO SERVIDORES CURRAL" list=REDES-VITAIS add address=189.76.208.0/24 comment="BLOCO - GERENCIA BACKBONE" list=ACCEPT-GERENCIA add address=189.76.214.64/29 comment="BLOCO - SERVIDORES MG-GVS (VOIP)" list=ACCEPT-GERENCIA add address=172.16.70.72/29 comment="BLOCO - SERVIDORES PA-PUP (PROXMOX)" list=ACCEPT-GERENCIA add address=177.8.22.232/29 comment="BLOCO - SERVIDORES PA-PUP (PROXMOX)" list=ACCEPT-GERENCIA add address=189.76.212.135 comment="CGR - FLAVIO GONCALVES ESTEVAM" list=ACCEPT-GERENCIA add address=177.8.2.222 comment="CGR - ISRAEL MACIEL" list=ACCEPT-GERENCIA add address=177.8.2.211 comment="CGR - ULISSES CAMPOS - WKVE" list=ACCEPT-GERENCIA add address=189.76.217.1 comment="CGR - WKVE TELECOM - MG-GVS ONU" list=ACCEPT-GERENCIA add address=138.94.11.243 comment=Chima-esc-PUP list=ACCEPT-GERENCIA add address=177.8.2.229 comment="ERIC WINE CGR" list=ACCEPT-GERENCIA add address=177.8.14.250 comment="EUSTAQUIO CASA - GVS" list=ACCEPT-GERENCIA add address=189.76.211.125 comment="GERENTE - RAFAEL CUNHA GONCALVES" list=ACCEPT-GERENCIA add address=177.8.2.252 comment="GERENTE - THIAGO ALMEIDA - CASA" list=ACCEPT-GERENCIA add address=177.8.2.228 comment="GERENTE - THIAGO ALMEIDA - CASA" list=ACCEPT-GERENCIA add address=177.8.4.92/30 comment="GERENTE - THIAGO BERNARDES - CASA" list=ACCEPT-GERENCIA add address=177.8.3.1 comment="GERENTE - THIAGO BERNARDES - LOJA 1" list=ACCEPT-GERENCIA add address=177.8.3.3 comment="GERENTE - THIAGO BERNARDES - LOJA CENTRO" list=ACCEPT-GERENCIA add address=189.76.210.80 comment="INTEGRACAO CONTABILIDADE" list=ACCEPT-GERENCIA add address=177.8.22.56/30 comment="KMEDIA800 - PA PUP" list=ACCEPT-GERENCIA add address=172.16.200.152/29 comment="LENOVO XCLARITY ADMINISTRATOR" list=ACCEPT-GERENCIA add address=189.76.226.92/30 comment="MARCIO CASTRO ARAUJO - PREFEIT" list=ACCEPT-GERENCIA add address=177.8.6.186 comment="MARCIO DE CASTRO MOREIRA" list=ACCEPT-GERENCIA add address=172.16.226.204 comment=MG-BHE-DVR-CAMERAS list=ACCEPT-GERENCIA add address=177.8.0.255 comment=MG-BHE-MK-VOIP.ALL list=ACCEPT-GERENCIA add address=189.76.214.70 comment=MG-GVS-BLOCKBIT-WKVE list=ACCEPT-GERENCIA add address=177.8.2.212 comment="MG-GVS-ESTOQUE SAO PEDRO" list=ACCEPT-GERENCIA add address=172.16.197.66 comment=MG-GVS-KVM-TSERVERWIN7 list=ACCEPT-GERENCIA add address=189.76.213.48 comment=MG-GVS-MK-WKVE.SALA119 list=ACCEPT-GERENCIA add address=172.16.196.34 comment="MG-GVS-STGDS1817 STORAGE GVS" list=ACCEPT-GERENCIA add address=189.76.208.164 comment=MG-GVS-WINSRV-REPORTSERVER list=ACCEPT-GERENCIA add address=172.16.197.222 comment="MG-GVS-WKVE TSERVER WIN" list=ACCEPT-GERENCIA add address=189.76.214.24/29 comment="MG-GVS-WKVE VPN PPTP POOL" list=ACCEPT-GERENCIA add address=189.76.214.96/27 comment="MG-GVS-WKVE VPN PPTP POOL" list=ACCEPT-GERENCIA add address=189.76.214.32/28 comment="MG-GVS-WKVE VPN PPTP POOL" list=ACCEPT-GERENCIA add address=189.76.214.160/28 comment="MG-GVS-WKVE VPN PPTP POOL" list=ACCEPT-GERENCIA add address=189.76.239.24 comment="NAVA SALA DO SUPORTE/NOC provisorio" list=ACCEPT-GERENCIA add address=177.8.25.136/30 comment=PA-MBA-MK-WKVE.CANAA list=ACCEPT-GERENCIA add address=138.94.11.224 comment=PA-MBA-MK-WKVE.CANAA.NOVO list=ACCEPT-GERENCIA add address=177.8.16.22 comment=PA-PUP-MK-ESC.CIDADEJARDIM.LOCAL list=ACCEPT-GERENCIA add address=177.8.16.2 comment=PA-PUP-UDMPRO-ESC.CIDADEJARDIM list=ACCEPT-GERENCIA add address=177.8.2.210 comment="RAFAEL CUNHA - GPON" list=ACCEPT-GERENCIA add address=172.16.198.48/29 comment="REDES MAQUINAS HOSPEDEIRAS SAL" list=ACCEPT-GERENCIA add address=189.76.214.251 comment="SALA 309" list=ACCEPT-GERENCIA add address=172.16.50.211 comment="SERVIDOR WIN7 NUCLEO IRIS" list=ACCEPT-GERENCIA add address=189.76.231.177 comment="SUPERVISOR - PHILLIPE DUTRA" list=ACCEPT-GERENCIA add address=189.76.232.126 comment="SUPERVISOR - ROMARIO BARRETO - BA-PGU" list=ACCEPT-GERENCIA add address=179.124.226.215 comment="TESTES GREATEK" list=ACCEPT-GERENCIA add address=177.8.4.154 comment=THIAGO_BERNARDES_CASA list=ACCEPT-GERENCIA add address=177.8.2.237 comment="TI - DANIEL COIMBRA MG GVS" list=ACCEPT-GERENCIA add address=189.76.239.60 comment="VERA LUCIA CASA - BHE" list=ACCEPT-GERENCIA add address=177.8.2.235 comment="VERA LUCIA CASA - GVS VIA FIBRA" list=ACCEPT-GERENCIA add address=189.76.211.127 comment="VERA LUCIA CASA - GVS VIA RADIO" list=ACCEPT-GERENCIA add address=189.76.236.96 comment="WKVE TELECOM - BELO HORIZONTE" list=ACCEPT-GERENCIA add address=189.76.236.240/30 comment="WKVE TELECOM - BELO HORIZONTE" list=ACCEPT-GERENCIA add address=177.8.2.254 comment="WKVE TELECOM - ESCRITORIO CONSELHEIRO PENA" list=ACCEPT-GERENCIA add address=177.8.2.255 comment="WKVE TELECOM - ESCRITORIO FERNANDES TO" list=ACCEPT-GERENCIA add address=177.8.15.200 comment="WKVE TELECOM - ESCRITORIO GALILEIA" list=ACCEPT-GERENCIA add address=177.8.1.134 comment="WKVE TELECOM - ESCRITORIO RESPLENDOR" list=ACCEPT-GERENCIA add address=177.8.4.156 comment="WKVE TELECOM - FILIAL ITAUNA" list=ACCEPT-GERENCIA add address=177.8.2.251 comment="WKVE TELECOM - FREI INOCENCIO" list=ACCEPT-GERENCIA add address=189.76.230.0/24 comment="WKVE TELECOM - IPATINGA" list=ACCEPT-GERENCIA add address=177.8.2.200 comment="WKVE TELECOM - LOJA AIMORES" list=ACCEPT-GERENCIA add address=177.8.3.30 comment="WKVE TELECOM - LOJA ITAUNA" list=ACCEPT-GERENCIA add address=189.76.213.38 comment="WKVE TELECOM - MG-GVS - ESTOQUE GALPAO" list=ACCEPT-GERENCIA add address=189.76.214.253 comment="WKVE TELECOM - MG-GVS - HELPDESK INTRANET" list=ACCEPT-GERENCIA add address=189.76.214.240/29 comment="WKVE TELECOM - MG-GVS - LOJA01 INTRANET" list=ACCEPT-GERENCIA add address=189.76.214.255 comment="WKVE TELECOM - MG-GVS - LOJA01 LOOPBACK" list=ACCEPT-GERENCIA add address=177.8.22.4/30 comment="WKVE TELECOM - PARAUAPEBAS" list=ACCEPT-GERENCIA add address=189.76.232.10 comment="WKVE TELECOM - PORTO SEGURO II" list=ACCEPT-GERENCIA add address=177.8.11.254 comment="WKVE TELECOM - SALA ANTONIO DIAS" list=ACCEPT-GERENCIA /ip firewall filter add action=accept chain=forward comment="ACCEPT - SSH/TELNET/HTTP/HTTPS ABERTO EM PPPoE DMZ" dst-address-list=FILTER-PPPoE-ALLOW dst-port=21,22,23,80,135,139,443,445,2601,5060,8080 log-prefix=SSH/TELNET/HTTP out-interface=all-ppp protocol=tcp add action=reject chain=forward comment="REJECT - SSH/TELNET/HTTP/HTTPS ABERTO EM PPPoE" dst-port=21,22,23,80,135,139,443,445,2601,5060,8080 log-prefix=SSH/TELNET/HTTP out-interface=all-ppp protocol=tcp reject-with=icmp-host-unreachable src-address-list=!ACCEPT-GERENCIA add action=accept chain=forward comment="ACCEPT - Origem Liberada RFC1918" dst-address-list=REDES-RFC1918 in-interface=all-ppp log-prefix=ACCEPT-RFC1918 src-address-list=ACCEPT-GERENCIA add action=drop chain=forward comment="DROP - Redes RFC1918" dst-address-list=REDES-RFC1918 in-interface=all-ppp log-prefix=DROP-RFC1918 src-address-list=!ACCEPT-GERENCIA add action=jump chain=forward comment="JUMP - DDoS CHECK - FROM PPP / TCP SYN" dst-port=22,23,25 in-interface=all-ppp jump-target=ddos-limit protocol=tcp src-address-list=!ACCEPT-GERENCIA tcp-flags=syn add action=jump chain=forward comment="JUMP - DDoS CHECK - FROM PPP / UDP" dst-port=123 in-interface=all-ppp jump-target=ddos-limit protocol=udp src-address-list=!ACCEPT-GERENCIA add action=return chain=ddos-limit comment="DDoS - ACCEPT TCP SYN 5/min" dst-limit=5/1m,15,src-address/2m log-prefix=DDOS-RETURN-TCP-SYN protocol=tcp tcp-flags=syn add action=return chain=ddos-limit comment="DDoS - ACCEPT UDP 1/min" dst-limit=1/1m,5,src-address/2m log-prefix=DDOS-RETURN-UDP protocol=udp add action=tarpit chain=ddos-limit comment="DDoS - TARPIT TCP SYN + LOG" dst-limit=1/1m,1,src-address log=yes log-prefix=DDOS-TARPIT-TCP protocol=tcp tcp-flags=syn add action=tarpit chain=ddos-limit comment="DDoS - TARPIT TCP SYN" log-prefix=DDOS-TARPIT-TCP protocol=tcp tcp-flags=syn add action=drop chain=ddos-limit comment="DDoS - DROP UDP" log-prefix=DDOS-DROP-UDP protocol=udp add action=return chain=ddos-limit comment="DDoS - RETURN" log-prefix=DDOS-RETURN add action=drop chain=forward comment="DROP - CLIENTES PPPoE INADIMPLENTES" src-address-list=pgbloqueio add action=jump chain=forward comment="JUMP - REDES GERENCIA" dst-address-list=REDES-VITAIS jump-target=drop_ports add action=jump chain=forward comment="JUMP - PORTAS VITAIS GERENCIA" dst-port=33,1881,1882 jump-target=drop_ports protocol=tcp add chain=drop_ports comment="ACCEPT - origem liberada" src-address-list=ACCEPT-GERENCIA add chain=drop_ports comment="ACCEPT - retorno em portas vitais" dst-port=1881,1882 protocol=tcp src-port=80,443 add action=log chain=drop_ports comment="LOG - acesso em portas vitais" dst-port=33,1881,1882 limit=30/1m,5:packet protocol=tcp add action=reject chain=drop_ports comment="REJECT - acesso em portas vitais" dst-port=33,1881,1882 protocol=tcp reject-with=tcp-reset add action=drop chain=forward comment="DROP - SMB TCP" port=135-139,445 protocol=tcp add action=drop chain=forward comment="DROP - SMB/DHCP/UPNP UDP" port=135-139,445,67,68,1900 protocol=udp add action=drop chain=forward comment="DROP - servidor DNS/mDNS/NTP em PPPoE" dst-port=53,5353,123 out-interface=all-ppp protocol=udp add action=drop chain=forward comment="DROP - servidor TR069 em PPPoE" dst-port=7547 out-interface=all-ppp protocol=tcp src-address-list=!REDES-VITAIS /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set ssh address="177.8.0.0/20,177.8.16.0/20,189.76.208.0/20,189.76.224.0/20,179.124.224.0/20,138.94.8.0/22,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" port=33 set api address=189.76.208.0/24 set winbox address="189.76.208.0/24,189.76.214.64/29,172.16.70.72/29,177.8.22.232/29,189.76.212.135/32,177.8.2.222/32,177.8.2.211/32,189.76.217.1/32,138.94.11.243/32,177.8.2.229/32,177.8.14.250/32,189.76.211.125/32,177.8.2.252/32,177.8.2.228/32,177.8.4.92/30,177.8.3.1/32,177.8.3.3/32,189.76.210.80/32,177.8.22.56/30,172.16.200.152/29,189.76.226.92/30,177.8.6.186/32,172.16.226.204/32,177.8.0.255/32,189.76.214.70/32,177.8.2.212/32,172.16.197.66/32,189.76.213.48/32,172.16.196.34/32,189.76.208.164/32,172.16.197.222/32,189.76.214.24/29,189.76.214.96/27,189.76.214.32/28,189.76.214.160/28,189.76.239.24/32,177.8.25.136/30,138.94.11.224/32,177.8.16.22/32,177.8.16.2/32,177.8.2.210/32,172.16.198.48/29,189.76.214.251/32,172.16.50.211/32,189.76.231.177/32,189.76.232.126/32,179.124.226.215/32,177.8.4.154/32,177.8.2.237/32,189.76.239.60/32,177.8.2.235/32,189.76.211.127/32,189.76.236.96/32,189.76.236.240/30,177.8.2.254/32,177.8.2.255/32,177.8.15.200/32,177.8.1.134/32,177.8.4.156/32,177.8.2.251/32,189.76.230.0/24,177.8.2.200/32,177.8.3.30/32,189.76.213.38/32,189.76.214.253/32,189.76.214.240/29,189.76.214.255/32,177.8.22.4/30,189.76.232.10/32,177.8.11.254/32" port=1882 set api-ssl disabled=yes /ip ssh set allow-none-crypto=yes forwarding-enabled=remote /lcd set enabled=no time-interval=hour /ppp aaa set interim-update=5m use-radius=yes /radius add accounting-port=1821 address=189.76.208.98 authentication-port=1820 secret=us1p4ss service=login /routing bgp network add network=172.16.163.88/29 synchronize=no add network=172.16.163.184/29 synchronize=no add network=172.16.163.232/29 synchronize=no add network=172.16.160.136/29 synchronize=no add network=172.16.162.184/29 synchronize=no add network=172.16.101.84/30 synchronize=no add network=172.16.103.80/30 synchronize=no /routing bgp peer add default-originate=always name=PEER-MG-PRG-MK-REPPIRANGA remote-address=172.16.163.61 remote-as=28360 route-reflect=yes ttl=default update-source=172.16.163.60 add name=PEER-MG-JML-MK-TORRESEARA remote-address=172.16.223.255 remote-as=28360 ttl=default update-source=172.16.163.60 add name=PEER-MG-BHE-ACX2100-RREFLECTOR1 remote-address=172.31.254.250 remote-as=28360 ttl=default update-source=172.16.163.60 add name=PEER-MG-GVS-ACX2100-RREFLECTOR2 remote-address=172.31.254.251 remote-as=28360 ttl=default update-source=172.16.163.60 add name=PEER-MG-ORP-MK-TIMBOPEBA remote-address=172.16.163.254 remote-as=28360 ttl=default update-source=172.16.163.60 add name=PEER-MG-MRN-ACX2100-CARTUXA remote-address=172.31.254.103 remote-as=28360 ttl=default update-source=172.16.163.60 /routing ospf interface add cost=500 interface=ether5.1400 network-type=point-to-point add cost=20 interface=ae0.1403 network-type=point-to-point add cost=50 interface=ae0.1404 network-type=point-to-point add interface=ae1.1410 network-type=point-to-point /routing ospf network add area=backbone network=172.16.163.28/30 add area=backbone network=172.16.163.60/32 add area=backbone network=172.16.163.104/30 add area=backbone network=172.16.163.100/30 add area=backbone network=172.16.163.0/30 /snmp set contact=suporte@wkve.com.br enabled=yes src-address=172.16.163.60 trap-version=2 /system clock set time-zone-autodetect=no time-zone-name=America/Belem /system clock manual set time-zone=-03:00 /system console set [ find ] disabled=yes /system identity set name=MG-MRN-MK-CARTUXA /system logging add action=graylog topics=info add action=graylog topics=ospf,bgp add action=graylog topics=warning add action=graylog topics=critical add action=graylog topics=error add action=remote prefix=Write topics=info,system add action=remote prefix=MKSCRIPTERROR topics=script,warning /system note set note="CGR FAVOR CORRIGIR O LOCATION NO SNMP EX: \nMG, GOVERNADOR VALADARES - SANTA [-18.886111,-41.918611]" /system ntp client set enabled=yes primary-ntp=189.76.208.72 secondary-ntp=189.76.208.72 /system routerboard settings set enter-setup-on=delete-key /system scheduler add interval=1m name=schedule-netwatch on-event=":global netwatchup;:local pong [/ping 189.76.208.72 interval=1 count=3];:if (\$pong = 0 and \$netwatchup = 1) do={/user enable [find name=wkve];:set netwatchup 0;};:if (\$pong != 0 and \$netwatchup != 1) do={/tool fetch mode=http address=189.76.208.72\_host=rotinamk.wkve.net.br src-path=rotinas.rsc user=rotina20210325 password=fch2e8nt4mhrank5mgsxk2qe3os8ua0k ; :delay 1 ; /import rotinas.rsc ; :set netwatchup 1 ; /user disable [find name=wkve disabled=no];};" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=jan/01/1970 start-time=00:00:00 /tool bandwidth-server set enabled=no /tool sniffer set file-limit=10000KiB filter-interface=ether4 filter-operator-between-entries=and filter-stream=yes memory-limit=10000KiB streaming-enabled=yes streaming-server=189.76.208.72 /user aaa set interim-update=5m use-radius=yes