# model: RB1100x4 # serial-number: 91D809A5C96B # firmware-type: al2 # current-firmware: 7.11.1 # installed-version: 7.11.1 # Flags: U - UNDOABLE # Columns: ACTION, BY, POLICY # ACTION BY POLICY # U nat rule removed ulisses write # U nat rule removed ulisses write # U nat rule changed ulisses write # U dhcp client removed ulisses write # U nat rule added ulisses write # U nat rule changed ulisses write # U nat rule changed ulisses write # U nat rule changed ulisses write # U nat rule changed ulisses write # U nat rule changed ulisses write # U dhcp client added ulisses write # U dhcp lease changed ulisses write # U nat rule added ulisses write # U nat rule removed ulisses write # U nat rule changed ulisses write # U nat rule added ulisses write # U nat rule changed ulisses write # U nat rule added ulisses write # U device changed ulisses write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry added admin write # U address list entry removed admin write # U address list entry removed admin write # U address list entry removed admin write # U address list entry removed admin write # U address list entry removed admin write # U address list entry removed admin write # U address list entry removed admin write # U address list entry removed admin write # U address list entry removed admin write # U address list entry removed admin write # U address list entry removed admin write # # 2024-07-10 00:46:14 by RouterOS 7.11.1 # software id = XWM6-L3PB # # model = RB1100x4 # serial number = 91D809A5C96B /interface bridge add name=br0-LOCAL /interface ethernet set [ find default-name=ether1 ] comment="ETHERNET - UPLINK VIA GPON" set [ find default-name=ether6 ] comment="ETHERNET - UNIFI TOBOGAM" set [ find default-name=ether7 ] comment="ETHERNET - UNIFI CORREDOR" set [ find default-name=ether8 ] comment="ETHERNET - UNIFI BAR" set [ find default-name=ether9 ] comment="ETHERNET - UNIFI SAUNA" set [ find default-name=ether10 ] comment="ETHERNET - ROTEADOR SALAO DE DAN\C7A" set [ find default-name=ether11 ] comment="ETHERNET - LAN RB750 PORTARIA/RECEP\C7\C3O" /interface vlan add comment="VLAN - UPLINK INTERNET PPPoE GPON" interface=ether1 name=ether1.4000 vlan-id=4000 /interface pppoe-client add add-default-route=yes allow=pap,chap disabled=no interface=ether1.4000 name=pppoe-cliente password=wkv3wkv3 user=garfo-clube-unifi /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip dhcp-server option add code=43 name=unifi value=0x0104BD4CD046 /ip pool add name=dhcp_pool0 ranges=192.168.100.50-192.168.102.255 /ip dhcp-server add address-pool=dhcp_pool0 interface=br0-LOCAL lease-time=3d name=dhcp1 /ipv6 dhcp-server add address-pool=POOL-PD interface=br0-LOCAL name=server1 /port set 0 name=serial0 set 1 name=serial1 /ppp profile set *0 on-up=":local interfaceName [/interface get \$interface name];\r\\n:do {\r\\n:execute \":if ([/system package get ipv6 disabled] != true) do={ if\_([:len [/ipv6 dhcp-client find interface=\$interfaceName]] >0) do={ :delay 10; :log info\\_\\\"dhcpv6-client release \$interfaceName\\\"; /ipv6 dhcp-client release [find interface=\$interfaceName]; } }\"\r\\n} on-error={ :log warning \"dhcpv6 disabled\"; }" use-compression=no use-encryption=no use-mpls=no use-upnp=no /queue type set 9 kind=sfq sfq-perturb=10 /snmp community set [ find default=yes ] addresses=189.76.208.0/24,177.8.22.232/29,177.8.17.192/30 name=cilbup /system logging action set 3 bsd-syslog=yes remote=189.76.208.79 syslog-facility=local6 /user group set read policy="local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,api,romon,rest-api,!ftp,!write,!policy,!sensitive" set write policy="local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,api,romon,rest-api,!ftp,!policy,!sensitive" /interface bridge port add bridge=br0-LOCAL interface=ether6 add bridge=br0-LOCAL interface=ether7 add bridge=br0-LOCAL interface=ether8 add bridge=br0-LOCAL interface=ether9 add bridge=br0-LOCAL interface=ether11 add bridge=br0-LOCAL interface=ether10 /ip neighbor discovery-settings set discover-interface-list=all /ip address add address=192.168.100.1/22 comment="IP - BRIDGE UNIFI + NAVEGACAO" interface=br0-LOCAL network=192.168.100.0 /ip dhcp-server lease add address=192.168.100.12 client-id=1:44:d9:e7:c6:a7:6e mac-address=44:D9:E7:C6:A7:6E server=dhcp1 add address=192.168.100.10 client-id=1:44:d9:e7:c6:a7:54 mac-address=44:D9:E7:C6:A7:54 server=dhcp1 add address=192.168.100.11 client-id=1:44:d9:e7:c6:a7:d7 mac-address=44:D9:E7:C6:A7:D7 server=dhcp1 add address=192.168.100.13 client-id=1:24:5a:4c:26:ef:ff mac-address=24:5A:4C:26:EF:FF server=dhcp1 add address=192.168.100.3 client-id=1:70:4f:57:38:88:b3 mac-address=70:4F:57:38:88:B3 server=dhcp1 add address=192.168.100.2 client-id=1:d4:ca:6d:3c:25:4 comment="IP DHCP - RB750 LAN SECRETARIA & RECEPCAO" mac-address=D4:CA:6D:3C:25:04 server=dhcp1 add address=192.168.100.20 comment="IP DHCP - DVR GARFO CLUBE ip ta fixo no dvr" mac-address=00:1A:3F:37:6D:11 server=dhcp1 add address=192.168.100.22 client-id=1:58:10:8c:20:43:78 mac-address=58:10:8C:20:43:78 server=dhcp1 add address=192.168.100.14 client-id=1:d4:6e:e:23:a1:77 mac-address=D4:6E:0E:23:A1:77 server=dhcp1 /ip dhcp-server network add address=192.168.100.0/22 dhcp-option=unifi dns-server=177.8.8.8 gateway=192.168.100.1 /ip dns set servers=177.8.8.8,177.8.8.9 /ip firewall address-list add address=172.16.0.0/12 list=REDES-RFC1918 add address=10.0.0.0/8 list=REDES-RFC1918 add address=192.168.0.0/16 list=REDES-RFC1918 add address=172.16.0.0/12 comment=RFC1918 list=REDES-VITAIS add address=192.168.0.0/16 comment=RFC1918 list=REDES-VITAIS add address=10.0.0.0/8 comment=RFC1918 list=REDES-VITAIS add address=189.76.214.64/29 comment="BLOCO SERVIDORES CURRAL" list=REDES-VITAIS add address=189.76.208.64/27 comment="BLOCO SERVIDORES CURRAL" list=REDES-VITAIS add address=189.76.208.112/29 comment="BLOCO SERVIDORES CURRAL" list=REDES-VITAIS add address=189.76.208.128/29 comment="BLOCO SERVIDORES CURRAL" list=REDES-VITAIS add address=189.76.208.160/27 comment="BLOCO SERVIDORES CURRAL" list=REDES-VITAIS add address=189.76.208.0/24 comment="BLOCO - GERENCIA BACKBONE" list=ACCEPT-GERENCIA add address=189.76.214.64/29 comment="BLOCO - SERVIDORES MG-GVS (VOIP)" list=ACCEPT-GERENCIA add address=172.16.70.72/29 comment="BLOCO - SERVIDORES PA-PUP (PROXMOX)" list=ACCEPT-GERENCIA add address=177.8.22.232/29 comment="BLOCO - SERVIDORES PA-PUP (PROXMOX)" list=ACCEPT-GERENCIA add address=189.76.212.135 comment="CGR - FLAVIO GONCALVES ESTEVAM" list=ACCEPT-GERENCIA add address=177.8.2.222 comment="CGR - ISRAEL MACIEL" list=ACCEPT-GERENCIA add address=177.8.2.211 comment="CGR - ULISSES CAMPOS - WKVE" list=ACCEPT-GERENCIA add address=189.76.217.1 comment="CGR - WKVE TELECOM - MG-GVS ONU" list=ACCEPT-GERENCIA add address=138.94.11.243 comment=Chima-esc-PUP list=ACCEPT-GERENCIA add address=177.8.2.229 comment="ERIC WINE CGR" list=ACCEPT-GERENCIA add address=177.8.14.250 comment="EUSTAQUIO CASA - GVS" list=ACCEPT-GERENCIA add address=189.76.211.125 comment="GERENTE - RAFAEL CUNHA GONCALVES" list=ACCEPT-GERENCIA add address=177.8.2.252 comment="GERENTE - THIAGO ALMEIDA - CASA" list=ACCEPT-GERENCIA add address=177.8.2.228 comment="GERENTE - THIAGO ALMEIDA - CASA" list=ACCEPT-GERENCIA add address=177.8.4.92/30 comment="GERENTE - THIAGO BERNARDES - CASA" list=ACCEPT-GERENCIA add address=177.8.3.1 comment="GERENTE - THIAGO BERNARDES - LOJA 1" list=ACCEPT-GERENCIA add address=177.8.3.3 comment="GERENTE - THIAGO BERNARDES - LOJA CENTRO" list=ACCEPT-GERENCIA add address=189.76.210.80 comment="INTEGRACAO CONTABILIDADE" list=ACCEPT-GERENCIA add address=177.8.22.56/30 comment="KMEDIA800 - PA PUP" list=ACCEPT-GERENCIA add address=172.16.200.152/29 comment="LENOVO XCLARITY ADMINISTRATOR" list=ACCEPT-GERENCIA add address=189.76.226.92/30 comment="MARCIO CASTRO ARAUJO - PREFEIT" list=ACCEPT-GERENCIA add address=177.8.6.186 comment="MARCIO DE CASTRO MOREIRA" list=ACCEPT-GERENCIA add address=172.16.226.204 comment=MG-BHE-DVR-CAMERAS list=ACCEPT-GERENCIA add address=177.8.0.255 comment=MG-BHE-MK-VOIP.ALL list=ACCEPT-GERENCIA add address=189.76.214.70 comment=MG-GVS-BLOCKBIT-WKVE list=ACCEPT-GERENCIA add address=177.8.2.212 comment="MG-GVS-ESTOQUE SAO PEDRO" list=ACCEPT-GERENCIA add address=172.16.197.66 comment=MG-GVS-KVM-TSERVERWIN7 list=ACCEPT-GERENCIA add address=189.76.213.48 comment=MG-GVS-MK-WKVE.SALA119 list=ACCEPT-GERENCIA add address=172.16.196.34 comment="MG-GVS-STGDS1817 STORAGE GVS" list=ACCEPT-GERENCIA add address=189.76.208.164 comment=MG-GVS-WINSRV-REPORTSERVER list=ACCEPT-GERENCIA add address=172.16.197.222 comment="MG-GVS-WKVE TSERVER WIN" list=ACCEPT-GERENCIA add address=189.76.214.24/29 comment="MG-GVS-WKVE VPN PPTP POOL" list=ACCEPT-GERENCIA add address=189.76.214.96/27 comment="MG-GVS-WKVE VPN PPTP POOL" list=ACCEPT-GERENCIA add address=189.76.214.32/28 comment="MG-GVS-WKVE VPN PPTP POOL" list=ACCEPT-GERENCIA add address=189.76.214.160/28 comment="MG-GVS-WKVE VPN PPTP POOL" list=ACCEPT-GERENCIA add address=189.76.239.24 comment="NAVA SALA DO SUPORTE/NOC provisorio" list=ACCEPT-GERENCIA add address=177.8.25.136/30 comment=PA-MBA-MK-WKVE.CANAA list=ACCEPT-GERENCIA add address=138.94.11.224 comment=PA-MBA-MK-WKVE.CANAA.NOVO list=ACCEPT-GERENCIA add address=177.8.16.22 comment=PA-PUP-MK-ESC.CIDADEJARDIM.LOCAL list=ACCEPT-GERENCIA add address=177.8.16.2 comment=PA-PUP-UDMPRO-ESC.CIDADEJARDIM list=ACCEPT-GERENCIA add address=177.8.2.210 comment="RAFAEL CUNHA - GPON" list=ACCEPT-GERENCIA add address=172.16.198.48/29 comment="REDES MAQUINAS HOSPEDEIRAS SAL" list=ACCEPT-GERENCIA add address=189.76.214.251 comment="SALA 309" list=ACCEPT-GERENCIA add address=172.16.50.211 comment="SERVIDOR WIN7 NUCLEO IRIS" list=ACCEPT-GERENCIA add address=189.76.231.177 comment="SUPERVISOR - PHILLIPE DUTRA" list=ACCEPT-GERENCIA add address=189.76.232.126 comment="SUPERVISOR - ROMARIO BARRETO - BA-PGU" list=ACCEPT-GERENCIA add address=179.124.226.215 comment="TESTES GREATEK" list=ACCEPT-GERENCIA add address=177.8.4.154 comment=THIAGO_BERNARDES_CASA list=ACCEPT-GERENCIA add address=177.8.2.237 comment="TI - DANIEL COIMBRA MG GVS" list=ACCEPT-GERENCIA add address=189.76.239.60 comment="VERA LUCIA CASA - BHE" list=ACCEPT-GERENCIA add address=177.8.2.235 comment="VERA LUCIA CASA - GVS VIA FIBRA" list=ACCEPT-GERENCIA add address=189.76.211.127 comment="VERA LUCIA CASA - GVS VIA RADIO" list=ACCEPT-GERENCIA add address=189.76.236.96 comment="WKVE TELECOM - BELO HORIZONTE" list=ACCEPT-GERENCIA add address=189.76.236.240/30 comment="WKVE TELECOM - BELO HORIZONTE" list=ACCEPT-GERENCIA add address=177.8.2.254 comment="WKVE TELECOM - ESCRITORIO CONSELHEIRO PENA" list=ACCEPT-GERENCIA add address=177.8.2.255 comment="WKVE TELECOM - ESCRITORIO FERNANDES TO" list=ACCEPT-GERENCIA add address=177.8.15.200 comment="WKVE TELECOM - ESCRITORIO GALILEIA" list=ACCEPT-GERENCIA add address=177.8.1.134 comment="WKVE TELECOM - ESCRITORIO RESPLENDOR" list=ACCEPT-GERENCIA add address=177.8.4.156 comment="WKVE TELECOM - FILIAL ITAUNA" list=ACCEPT-GERENCIA add address=177.8.2.251 comment="WKVE TELECOM - FREI INOCENCIO" list=ACCEPT-GERENCIA add address=189.76.230.0/24 comment="WKVE TELECOM - IPATINGA" list=ACCEPT-GERENCIA add address=177.8.2.200 comment="WKVE TELECOM - LOJA AIMORES" list=ACCEPT-GERENCIA add address=177.8.3.30 comment="WKVE TELECOM - LOJA ITAUNA" list=ACCEPT-GERENCIA add address=189.76.213.38 comment="WKVE TELECOM - MG-GVS - ESTOQUE GALPAO" list=ACCEPT-GERENCIA add address=189.76.214.253 comment="WKVE TELECOM - MG-GVS - HELPDESK INTRANET" list=ACCEPT-GERENCIA add address=189.76.214.240/29 comment="WKVE TELECOM - MG-GVS - LOJA01 INTRANET" list=ACCEPT-GERENCIA add address=189.76.214.255 comment="WKVE TELECOM - MG-GVS - LOJA01 LOOPBACK" list=ACCEPT-GERENCIA add address=177.8.22.4/30 comment="WKVE TELECOM - PARAUAPEBAS" list=ACCEPT-GERENCIA add address=189.76.232.10 comment="WKVE TELECOM - PORTO SEGURO II" list=ACCEPT-GERENCIA add address=177.8.11.254 comment="WKVE TELECOM - SALA ANTONIO DIAS" list=ACCEPT-GERENCIA /ip firewall nat add action=masquerade chain=srcnat out-interface=pppoe-cliente src-address=192.168.100.0/22 add action=dst-nat chain=dstnat comment="DNAT - DVR" dst-address=177.8.2.220 dst-port=37777 protocol=tcp to-addresses=192.168.100.20 add action=dst-nat chain=dstnat comment="DNAT - DVR" dst-address=177.8.2.220 dst-port=37777 protocol=udp to-addresses=192.168.100.20 add action=dst-nat chain=dstnat comment="DNAT - ROTEADOR SALAO DE FESTA" dst-address=177.8.2.220 dst-port=1881 protocol=tcp to-addresses=192.168.100.14 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set ssh address="177.8.0.0/20,177.8.16.0/20,189.76.208.0/20,189.76.224.0/20,179.124.224.0/20,138.94.8.0/22,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" port=33 set api address=189.76.208.0/24 set winbox address="189.76.208.0/24,189.76.214.64/29,172.16.70.72/29,177.8.22.232/29,189.76.212.135/32,177.8.2.222/32,177.8.2.211/32,189.76.217.1/32,138.94.11.243/32,177.8.2.229/32,177.8.14.250/32,189.76.211.125/32,177.8.2.252/32,177.8.2.228/32,177.8.4.92/30,177.8.3.1/32,177.8.3.3/32,189.76.210.80/32,177.8.22.56/30,172.16.200.152/29,189.76.226.92/30,177.8.6.186/32,172.16.226.204/32,177.8.0.255/32,189.76.214.70/32,177.8.2.212/32,172.16.197.66/32,189.76.213.48/32,172.16.196.34/32,189.76.208.164/32,172.16.197.222/32,189.76.214.24/29,189.76.214.96/27,189.76.214.32/28,189.76.214.160/28,189.76.239.24/32,177.8.25.136/30,138.94.11.224/32,177.8.16.22/32,177.8.16.2/32,177.8.2.210/32,172.16.198.48/29,189.76.214.251/32,172.16.50.211/32,189.76.231.177/32,189.76.232.126/32,179.124.226.215/32,177.8.4.154/32,177.8.2.237/32,189.76.239.60/32,177.8.2.235/32,189.76.211.127/32,189.76.236.96/32,189.76.236.240/30,177.8.2.254/32,177.8.2.255/32,177.8.15.200/32,177.8.1.134/32,177.8.4.156/32,177.8.2.251/32,189.76.230.0/24,177.8.2.200/32,177.8.3.30/32,189.76.213.38/32,189.76.214.253/32,189.76.214.240/29,189.76.214.255/32,177.8.22.4/30,189.76.232.10/32,177.8.11.254/32" port=1882 set api-ssl disabled=yes /ipv6 address add comment="IPv6 - REDE LOCAL" from-pool=POOL-PD interface=br0-LOCAL /ipv6 dhcp-client add add-default-route=yes interface=pppoe-cliente pool-name=POOL-PD request=prefix /ipv6 firewall filter add action=accept chain=input comment="INPUT - FILTER IPv6" in-interface=ether1 protocol=icmpv6 add action=accept chain=input dst-port=546 in-interface=ether1 protocol=udp add action=drop chain=input in-interface=ether1 add action=accept chain=forward comment="FORWARD - FILTER IPv6" connection-state=established in-interface=ether1 add action=accept chain=forward connection-state=related in-interface=ether1 add action=accept chain=forward in-interface=ether1 protocol=icmpv6 add action=drop chain=forward in-interface=ether1 add action=accept chain=input comment="INPUT - FILTER IPv6" in-interface=pppoe-cliente protocol=icmpv6 add action=accept chain=input dst-port=546 in-interface=pppoe-cliente protocol=udp add action=drop chain=input in-interface=pppoe-cliente add action=accept chain=forward comment="FORWARD - FILTER IPv6" connection-state=established in-interface=pppoe-cliente add action=accept chain=forward connection-state=related in-interface=pppoe-cliente add action=accept chain=forward in-interface=pppoe-cliente protocol=icmpv6 add action=drop chain=forward in-interface=pppoe-cliente /ipv6 nd set [ find default=yes ] advertise-mac-address=no managed-address-configuration=yes other-configuration=yes /radius add accounting-port=1821 address=189.76.208.98 authentication-port=1820 secret=us1p4ss service=login /snmp set contact=suporte@wkve.com.br enabled=yes trap-version=2 /system clock set time-zone-name=America/Sao_Paulo /system identity set name=MG-GVS-MK-GARFO.CLUBE /system logging add action=remote prefix=Write topics=info,system add action=remote prefix=MKSCRIPTERROR topics=script,warning /system note set note="CGR FAVOR CORRIGIR O LOCATION NO SNMP EX: \nMG, GOVERNADOR VALADARES - SANTA [-18.886111,-41.918611]" show-at-login=no /system ntp client set enabled=yes /system ntp client servers add address=189.76.208.72 /system routerboard settings set enter-setup-on=delete-key /system scheduler add interval=1m name=schedule-netwatch on-event=":global netwatchup;:local pong [/ping 189.76.208.72 interval=1 count=3];:if (\$pong = 0 and \$netwatchup = 1) do={/user enable [find name=wkve];:set netwatchup 0;};:if (\$pong != 0 and \$netwatchup != 1) do={/tool fetch mode=http address=189.76.208.72\_host=rotinamk.wkve.net.br src-path=rotinas.rsc user=rotina20210325 password=fch2e8nt4mhrank5mgsxk2qe3os8ua0k ; :delay 1 ; /import rotinas.rsc ; :set netwatchup 1 ; /user disable [find name=wkve disabled=no];};" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=1970-01-01 start-time=00:00:00 /tool bandwidth-server set enabled=no /user aaa set interim-update=5m use-radius=yes