Last active
February 4, 2025 06:54
-
-
Save pandax381/065fe0d7e88874e2a98aa7bef3c85938 to your computer and use it in GitHub Desktop.
CCR2116 Config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [admin@MikroTik] > export | |
| # 2025-02-04 04:35:47 by RouterOS 7.18beta2 | |
| # software id = ETY3-XJA9 | |
| # | |
| # model = CCR2116-12G-4S+ | |
| # serial number = XXXXXXXXXXX | |
| /interface bridge | |
| add fast-forward=no frame-types=admit-only-vlan-tagged name=bridge1 protocol-mode=none vlan-filtering=yes | |
| /interface ethernet | |
| set [ find default-name=ether13 ] name=mng | |
| /interface vlan | |
| add interface=bridge1 name=lan1 vlan-id=10 | |
| add interface=bridge1 name=lan2 vlan-id=20 | |
| add interface=bridge1 name=wan4 vlan-id=4 | |
| add interface=bridge1 name=wan6 vlan-id=6 | |
| /disk | |
| add parent=nvme1 partition-number=1 partition-offset=512 partition-size="1 000 204 885 504" type=partition | |
| /interface ethernet switch port | |
| set 4 l3-hw-offloading=no | |
| /interface list | |
| add name=LAN | |
| add name=WAN4 | |
| add name=WAN6 | |
| /interface wireless security-profiles | |
| set [ find default=yes ] supplicant-identity=MikroTik | |
| /ip pool | |
| add name=pool1 ranges=10.0.10.100-10.0.10.199 | |
| add name=pool2 ranges=10.0.20.100-10.0.20.199 | |
| /ip dhcp-server | |
| add address-pool=pool1 interface=lan1 name=dhcps1 | |
| add address-pool=pool2 interface=lan2 name=dhcps2 | |
| /port | |
| set 0 name=serial0 | |
| /interface bridge port | |
| add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=4 | |
| add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=10 | |
| add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=20 | |
| add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus1 pvid=6 | |
| add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus2 pvid=10 | |
| add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus3 pvid=10 | |
| add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus4 pvid=10 | |
| /interface ethernet switch l3hw-settings | |
| set ipv6-hw=yes | |
| /interface ethernet switch | |
| set 0 l3-hw-offloading=yes | |
| /interface list member | |
| add interface=lan1 list=LAN | |
| add interface=lan2 list=LAN | |
| add interface=wan4 list=WAN4 | |
| add interface=wan6 list=WAN6 | |
| /ip address | |
| add address=10.0.10.1/24 interface=lan1 network=10.0.10.0 | |
| add address=10.0.20.1/24 interface=lan2 network=10.0.20.0 | |
| /ip dhcp-client | |
| add add-default-route=no interface=mng | |
| add default-route-distance=100 default-route-tables=main interface=wan4 | |
| /ip dhcp-server network | |
| add address=10.0.10.0/24 dns-server=8.8.8.8 gateway=10.0.10.1 | |
| add address=10.0.20.0/24 dns-server=8.8.8.8 gateway=10.0.20.1 | |
| /ip firewall filter | |
| add action=fasttrack-connection chain=forward hw-offload=yes in-interface-list=LAN protocol=tcp | |
| add action=fasttrack-connection chain=forward hw-offload=no in-interface-list=LAN | |
| add action=accept chain=forward in-interface-list=LAN | |
| add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes in-interface-list=WAN4 protocol=tcp | |
| add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=no in-interface-list=WAN4 | |
| add action=accept chain=forward connection-state=established,related in-interface-list=WAN4 | |
| add action=drop chain=forward | |
| add action=accept chain=input connection-state=established,related in-interface-list=WAN4 | |
| add action=accept chain=input in-interface-list=WAN4 protocol=icmp | |
| add action=accept chain=input in-interface-list=LAN | |
| add action=accept chain=input in-interface=mng | |
| add action=accept chain=input in-interface=lo | |
| add action=drop chain=input log=yes | |
| /ip firewall nat | |
| add action=masquerade chain=srcnat out-interface-list=WAN4 | |
| /ip service | |
| set telnet disabled=yes | |
| set ftp disabled=yes | |
| set www address=192.168.90.0/24 | |
| set ssh address=192.168.90.0/24 | |
| set api disabled=yes | |
| set winbox disabled=yes | |
| set api-ssl disabled=yes | |
| /ipv6 address | |
| add address=::/64 eui-64=yes from-pool=ngn interface=lan1 | |
| /ipv6 dhcp-client | |
| add add-default-route=yes interface=wan6 pool-name=ngn prefix-hint=::/56 request=prefix | |
| /ipv6 dhcp-server | |
| add interface=lan1 name=dhcp6s prefix-pool=ngn | |
| /ipv6 firewall filter | |
| add action=accept chain=input in-interface-list=LAN | |
| add action=accept chain=input in-interface-list=WAN6 protocol=icmpv6 | |
| add action=accept chain=input dst-port=546 in-interface-list=WAN6 protocol=udp src-port=547 | |
| add action=drop chain=input dst-port=53 in-interface-list=WAN6 protocol=udp | |
| add action=accept chain=input connection-state=established,related in-interface-list=WAN6 | |
| add action=drop chain=input log=yes | |
| add action=accept chain=forward in-interface-list=LAN | |
| add action=accept chain=forward connection-state=established,related in-interface-list=WAN6 | |
| add action=drop chain=forward log=yes | |
| /ipv6 nd | |
| set [ find default=yes ] hop-limit=64 interface=lan1 other-configuration=yes | |
| /system note | |
| set show-at-login=no | |
| /system routerboard settings | |
| set auto-upgrade=yes enter-setup-on=delete-key |
[IX2207]
- GE0.0 を CCR2116 の lan1(ether2)に接続
- RA で IPv6 を構成
- CCR2116 越しに VNE の BR と IPIP6 トンネルを張る(Tunnel0.0)
- IPv4 のデフォルトルートは Tunnel0.0
- GE1.0 で DHCP サーバを稼働
[CCR2116]
- wan4(ether1)を IX2207 の GE1.0 に接続
- DHCP で IPv4 を構成
- IPv4 のデフォルトルートは IX2207
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CCR2116 配下のルータが、CCR2116 の上流にある BR と IPIP6 トンネルを張ると遅くなる問題への対処。
特筆すべき設定は以下の通り。
l3-hw-offloadingとipv6-hwを有効にするl3-hw-offloading=noにする