MMM MMM KKK TTTTTTTTTTT KKK

MMMM MMMM KKK TTTTTTTTTTT KKK

MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
 MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK

MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK

MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK

MikroTik RouterOS 6.40 (c) 1999-2017 http://www.mikrotik.com/

[?] Gives the list of available commands

command [?] Gives help on the command and list of arguments

[Tab] Completes the command/word. If the input is ambiguous,

a second [Tab] gives possible options

/ Move up to base level

.. Move up one level

/command Use command at the base level

sep/14/2017 17:21:20 system,error,critical login failure for user admin from 3C:A0:67:3B:09:6C
via winbox

[XxjeanpieroxX@nucom r5000un] > export

# sep/14/2017 21:35:30 by RouterOS 6.40

# software id = IV31-Q3RN

# model = 951G-2HnD

# serial number = 642F052FA69A

/interface bridge

add name=bridge1-Hogar

/interface ethernet

set [ find default-name=ether1 ] comment="LAN-MASTER (5)"

set [ find default-name=ether2 ] comment="Linea 01"

set [ find default-name=ether3 ] comment="Linea 02"

set [ find default-name=ether4 ] comment="Linea 03"

/interface pppoe-client
add comment="pppoe-out1 Linea 01" disabled=no interface=ether2 name=pppoe-out1

add comment="pppoe-out2 Linea 02" disabled=no interface=ether3 name=pppoe-out2

add comment="pppoe-out3 Linea 03" disabled=no interface=ether4 name=pppoe-out3

/interface vpls

add comment="VPLS RB 450" disabled=no l2mtu=1500 mac-address=02:6E:DE:00:A4:F4

name=vpls1 remote-peer=10.1.0.2 vpls-id=1:1

add comment="VPLS OMNITIK" disabled=no l2mtu=1500 mac-address=02:75:8C:CA:F3:15

name=vpls2 remote-peer=10.1.0.3 vpls-id=2:2

/ip neighbor discovery

set ether1 discover=no

/interface vlan

add comment="Vlan100 (Nodo 1, Nodo 2)" interface=ether1 name=vlan1 use-service-tag=yes

vlan-id=100

/interface wireless security-profiles

set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" group-

ciphers=tkip,aes-ccm supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm \

wpa-pre-shared-key=d@rw1n35cob@r wpa2-pre-shared-key=d@rw1n35cob@r

add authentication-types=wpa2-psk,wpa2-eap group-ciphers=tkip management-

protection=allowed mode=dynamic-keys name=Escobar supplicant-identity=35c0b@rd105 \

unicast-ciphers=tkip wpa2-pre-shared-key=35c0b@rd105

/interface wireless

set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=2427 mode=ap-

bridge security-profile=Escobar ssid="Escobar Dios" wireless-protocol=unspecified

/ip pool

add name=dhcp_pool1 ranges=192.168.100.2-192.168.100.254

add name=pool3 ranges=192.168.102.2-192.168.102.254

/ip dhcp-server

add address-pool=dhcp_pool1 disabled=no interface=bridge1-Hogar name=dhcp1

/ip pool

add name=pool2 next-pool=pool3 ranges=192.168.101.2-192.168.101.254

/queue tree

add disabled=yes name="Total Download" parent=bridge1-Hogar priority=1 queue=default

add disabled=yes name="Total Upload" parent=pppoe-out3 priority=1 queue=default

add disabled=yes name=Down packet-mark=To_IPsCap parent="Total Download" priority=2
queue=pcq-download-default

add disabled=yes name=Up packet-mark=To_IPsCap parent="Total Upload" priority=2

queue=pcq-upload-default

/interface bridge port

add bridge=bridge1-Hogar interface=wlan1

add bridge=bridge1-Hogar interface=ether5

/interface wireless access-list

add comment=Laptop interface=wlan1 mac-address=74:DE:2B:7B:BC:E1 vlan-mode=no-tag

add comment="Smart TV" interface=wlan1 mac-address=E4:7D:BD:AB:F4:D8 vlan-mode=no-

tag

add comment="Celular Leydi" interface=wlan1 mac-address=00:34:DA:85:C8:7E vlan-

mode=no-tag

add comment="Celular mama" interface=wlan1 mac-address=0C:14:20:BE:33:BB vlan-

mode=no-tag

add comment="Laptop Asus" interface=wlan1 mac-address=3C:A0:67:3B:09:6C vlan-mode=no-

tag

add comment="Celular Xiaomi Darwin" interface=wlan1 mac-address=F4:F5:DB:09:CF:5C vlan-

mode=no-tag

/ip address

add address=192.168.100.1/24 comment="WIFI Casa" interface=bridge1-Hogar

network=192.168.100.0

add address=10.1.0.1/24 comment="VLAN NODOS" interface=vlan1 network=10.1.0.0

/ip cloud

set ddns-enabled=yes

/ip dhcp-server network

add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1

/ip dns

set allow-remote-requests=yes cache-size=12288KiB servers=200.48.225.130,200.48.225.146

/ip dns static

add address=192.168.88.1 name=router.lan

/ip firewall address-list

add address=10.1.1.0/24 comment="Lan RB450g" list="Address Balanceo"

add address=192.168.100.0/24 comment="Lan Hogar" list="Address Balanceo"

add address=10.1.2.0/24 comment="Lan Omnitik" list="Address Balanceo"

/ip firewall filter

add action=accept chain=input comment="Aceptando trafico de winbox" dst-port=8291 in-

interface=all-ppp protocol=tcp

add action=accept chain=input comment="Conexiones Establecidas" connection-

state=established in-interface=all-ppp

add action=accept chain=input comment="Pasar Trafico Autenticado" connection-

state=related in-interface=all-ppp

add action=drop chain=input comment="Paquetes Invalidos" in-interface=all-ppp

add action=drop chain=forward comment="Todo P2P" disabled=yes out-interface=!all-vlan

p2p=all-p2p

add action=drop chain=input comment="Bloqueo Parcial de Ping" packet-size=128-65535

protocol=icmp

add action=drop chain=input comment="FIltra ICMP Redirect" icmp-options=5:0-255

protocol=icmp

/ip firewall mangle

add action=mark-connection chain=prerouting comment=Entrada connection-mark=no-mark

in-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn passthrough=yes

add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe-

out2 new-connection-mark=pppoe-out2_conn passthrough=yes

add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe-

out3 new-connection-mark=pppoe-out3_conn passthrough=yes

add action=mark-connection chain=prerouting comment="Peso pppoe-out1" connection-

state=new dst-address-type=!local new-connection-mark=pppoe-out1_conn passthrough=yes
\

per-connection-classifier=both-addresses-and-ports:3/0 src-address-list="Address Balanceo"

add action=mark-connection chain=prerouting comment="Peso pppoe-out2" connection-

state=new dst-address-type=!local new-connection-mark=pppoe-out2_conn passthrough=yes
\

per-connection-classifier=both-addresses-and-ports:3/1 src-address-list="Address Balanceo"

add action=mark-connection chain=prerouting comment="Peso pppoe-out3" connection-

state=new dst-address-type=!local new-connection-mark=pppoe-out3_conn passthrough=yes
\

per-connection-classifier=both-addresses-and-ports:3/2 src-address-list="Address Balanceo"

add action=mark-routing chain=prerouting comment=Ruteo connection-mark=pppoe-

out1_conn new-routing-mark=to_pppoe-out1 passthrough=yes src-address-list="Address
Balanceo"
add action=mark-routing chain=prerouting connection-mark=pppoe-out2_conn new-routing-
mark=to_pppoe-out2 passthrough=yes src-address-list="Address Balanceo"

add action=mark-routing chain=prerouting connection-mark=pppoe-out3_conn new-routing-

mark=to_pppoe-out3 passthrough=yes src-address-list="Address Balanceo"

add action=mark-routing chain=output comment=Salida connection-mark=pppoe-out1_conn

new-routing-mark=to_pppoe-out1 passthrough=yes

add action=mark-routing chain=output connection-mark=pppoe-out2_conn new-routing-

mark=to_pppoe-out2 passthrough=yes

add action=mark-routing chain=output connection-mark=pppoe-out3_conn new-routing-

mark=to_pppoe-out3 passthrough=yes

add action=add-dst-to-address-list address-list=Sunat address-list-timeout=none-dynamic

chain=forward comment="Marcar Trafico de Sunat" content=sunat.gob.pe dst-port=\

80,443 protocol=tcp

add action=mark-routing chain=prerouting comment=SUNAT dst-address-list=Sunat new-

routing-mark=SUNAT passthrough=yes protocol=tcp

add action=add-dst-to-address-list address-list=bcp address-list-timeout=none-dynamic

chain=forward comment="Marcar Trafico de BCP" content=viabcp.com dst-port=80,443 \

protocol=tcp

add action=mark-routing chain=prerouting comment=BCP dst-address-list=bcp new-routing-

mark=BCP passthrough=yes protocol=tcp

add action=add-dst-to-address-list address-list=Youtube address-list-timeout=none-dynamic

chain=forward comment="Marcar Trafico de Youtube" content=googlevideo.com \

disabled=yes dst-port=80,443 protocol=tcp

add action=mark-routing chain=prerouting comment=Youtube disabled=yes dst-address-

list=Youtube new-routing-mark=Youtube passthrough=yes protocol=tcp

add action=add-dst-to-address-list address-list=Netflix address-list-timeout=none-dynamic

chain=forward comment="Marcar Trafico de Netflix" content=netflix.com dst-port=\

80,443 protocol=tcp

add action=mark-routing chain=prerouting comment=Netflix dst-address-list=Netflix new-

routing-mark=Netflix passthrough=yes protocol=tcp

add action=add-dst-to-address-list address-list=Mp4 address-list-timeout=none-dynamic

chain=forward comment="Marcar Trafico de MP4" content=s16.gestiondeservidor.com \

disabled=yes protocol=tcp

add action=mark-routing chain=prerouting comment=MP4 disabled=yes dst-address-list=Mp4

new-routing-mark=Mp4 passthrough=yes protocol=tcp

add action=add-dst-to-address-list address-list=IPsCap address-list-timeout=none-dynamic

chain=forward comment="Capturar ips" disabled=yes dst-address=192.168.100.0/24 \
 protocol=icmp

add action=add-dst-to-address-list address-list=IPsCap address-list-timeout=none-dynamic

chain=forward comment="Capturar ips" disabled=yes dst-address=192.168.103.0/24 \

protocol=icmp

add action=mark-connection chain=forward comment=IPsCap disabled=yes new-connection-

mark=IPsCap_conn passthrough=yes src-address-list=IPsCap

add action=mark-packet chain=forward connection-mark=IPsCap_conn disabled=yes new-

packet-mark=To_IPsCap passthrough=no

/ip firewall nat

add action=masquerade chain=srcnat comment="Mascarado de red Linea 01" out-

interface=pppoe-out1

add action=masquerade chain=srcnat comment="Mascarado de red Linea 02" out-

interface=pppoe-out2

add action=masquerade chain=srcnat comment="Mascarado de red Linea 03" out-

interface=pppoe-out3

add action=dst-nat chain=dstnat comment="Accediendo a RB450g-puert 80" dst-port=6110

protocol=tcp to-addresses=10.1.1.1 to-ports=80

add action=dst-nat chain=dstnat comment="Accediendo a RB450g" dst-port=6111

protocol=tcp to-addresses=10.1.1.1 to-ports=8291

add action=dst-nat chain=dstnat comment="Accediendo a Omnitik UPA" dst-port=6112

protocol=tcp to-addresses=10.2.0.2 to-ports=8291

add action=dst-nat chain=dstnat comment="Accediendo a PowerBox" dst-port=8292

protocol=tcp to-addresses=172.26.1.2 to-ports=8291

add action=dst-nat chain=dstnat comment="Accediendo a Radio Oeste" dst-port=8293

protocol=tcp to-addresses=172.26.1.3 to-ports=8291

add action=dst-nat chain=dstnat comment="Accediendo a Radio Sur" dst-port=8294

protocol=tcp to-addresses=172.26.1.4 to-ports=8291

add action=dst-nat chain=dstnat comment="Accediendo a Radio Este" dst-port=8295

protocol=tcp to-addresses=172.26.1.5 to-ports=8291

add action=dst-nat chain=dstnat comment="Accediendo a Radio NSM2" dst-port=8296

protocol=tcp to-addresses=172.26.1.3 to-ports=80

add action=dst-nat chain=dstnat comment="Accediendo a Omnitik" dst-port=8297

protocol=tcp to-addresses=10.1.0.3 to-ports=8291

add action=dst-nat chain=dstnat comment="DiscLite 5" dst-port=8298 protocol=tcp to-

addresses=172.26.1.8 to-ports=8291

add action=dst-nat chain=dstnat comment="SXT Cliente de RB450g" dst-port=8299

protocol=tcp to-addresses=10.1.1.30 to-ports=8291
add action=dst-nat chain=dstnat comment="SXT Cliente de Omnitik" dst-port=8300
protocol=tcp to-addresses=10.2.1.3 to-ports=8291

add action=dst-nat chain=dstnat comment="Clientes puerto 80" dst-port=8301 protocol=tcp

to-addresses=10.1.2.5 to-ports=80

/ip proxy

set enabled=yes port=999

/ip proxy access

add action=deny redirect-to=wisphub.net/landing/redesvip/aviso-corte/

add action=deny redirect-to=wisphub.net/landing/redesvip/aviso-corte/

/ip route

add check-gateway=ping comment="Accediendo Router Linea 01" distance=1 gateway=pppoe-

out1 routing-mark=to_pppoe-out1

add check-gateway=ping comment="Accediendo Router Linea 02" distance=1 gateway=pppoe-

out2 routing-mark=to_pppoe-out2

add check-gateway=ping comment="Accediendo Router Linea 03" distance=1 gateway=pppoe-

out3 routing-mark=to_pppoe-out3

add comment="SUNAT Saliendo Por Linea 3" distance=1 gateway=pppoe-out3 routing-

mark=SUNAT

add comment="BCP Saliendo por linea 3" distance=1 gateway=pppoe-out3 routing-mark=BCP

add comment="Youtube Saliendo por linea 3" disabled=yes distance=1 gateway=pppoe-out3

routing-mark=Youtube

add comment="Netflix Saliendo por linea 3" distance=1 gateway=pppoe-out1 routing-

mark=Netflix

add comment=MP4 distance=1 gateway=pppoe-out3 routing-mark=Mp4

add check-gateway=ping comment="Linea 01" distance=1 gateway=pppoe-out1

add check-gateway=ping comment="Linea 02" distance=2 gateway=pppoe-out2

add check-gateway=ping comment="Linea 03" distance=3 gateway=pppoe-out3

add comment="Enrutando Ip Rb 450G" distance=1 dst-address=10.1.1.0/24 gateway=10.1.0.2

add comment="EnRutando Ip Omnitik" distance=1 dst-address=10.1.2.0/24 gateway=10.1.0.3

add comment="Enrutando IP de Aps PTP y PMP" distance=1 dst-address=172.26.1.0/24

gateway=10.1.0.2

add comment="EnRutando Ip Omnitik_Administracion" distance=1 dst-

address=192.168.1.0/24 gateway=10.1.0.3

/ip service

set telnet disabled=yes

set ftp disabled=yes

set ssh disabled=yes

set api disabled=yes

set api-ssl disabled=yes

/mpls ldp

set enabled=yes loop-detect=yes lsr-id=10.1.0.1 transport-address=10.1.0.1

/mpls ldp interface

add interface=vlan1

/system clock

set time-zone-name=America/Lima

/system identity

set name="nucom r5000un"

/tool romon

set enabled=yes

[XxjeanpieroxX@nucom r5000un] >