Last active
February 3, 2025 21:14
-
-
Save pandax381/65384ba89b87696f21d0c7e8330171da to your computer and use it in GitHub Desktop.
CCR2116 config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [admin@MikroTik] > export | |
| # 2025-02-03 20:19:44 by RouterOS 7.18beta2 | |
| # software id = ETY3-XJA9 | |
| # | |
| # model = CCR2116-12G-4S+ | |
| # serial number = XXXXXXXXXXX | |
| /interface bridge | |
| add fast-forward=no frame-types=admit-only-vlan-tagged name=bridge1 protocol-mode=none vlan-filtering=yes | |
| /interface ethernet | |
| set [ find default-name=ether13 ] name=mng | |
| /interface ipipv6 | |
| add disabled=yes local-address=:: mtu=1460 name=ipip6 remote-address=BRアドレス | |
| /interface vlan | |
| add interface=bridge1 name=jcom vlan-id=254 | |
| add interface=bridge1 name=lan1 vlan-id=10 | |
| add interface=bridge1 name=lan2 vlan-id=20 | |
| add interface=bridge1 name=ngn vlan-id=100 | |
| /disk | |
| add parent=nvme1 partition-number=1 partition-offset=512 partition-size="1 000 204 885 504" type=partition | |
| /interface ethernet switch port | |
| set 4 l3-hw-offloading=no | |
| /interface list | |
| add name=LAN | |
| add name=WAN4 | |
| add name=WAN6 | |
| /interface wireless security-profiles | |
| set [ find default=yes ] supplicant-identity=MikroTik | |
| /ip pool | |
| add name=pool1 ranges=10.0.10.100-10.0.10.199 | |
| add name=pool2 ranges=10.0.20.100-10.0.20.199 | |
| /ip dhcp-server | |
| add address-pool=pool1 interface=lan1 name=dhcps1 | |
| add address-pool=pool2 interface=lan2 name=dhcps2 | |
| /port | |
| set 0 name=serial0 | |
| /interface bridge port | |
| add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=254 | |
| add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=10 | |
| add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=20 | |
| add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus1 pvid=100 | |
| add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus2 pvid=10 | |
| add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus3 pvid=10 | |
| add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus4 pvid=10 | |
| /interface ethernet switch l3hw-settings | |
| set ipv6-hw=yes | |
| /interface ethernet switch | |
| set 0 l3-hw-offloading=yes | |
| /interface list member | |
| add interface=lan1 list=LAN | |
| add interface=lan2 list=LAN | |
| add interface=jcom list=WAN4 | |
| add interface=ipip6 list=WAN4 | |
| add interface=ngn list=WAN6 | |
| /ip address | |
| add address=10.0.10.1/24 interface=lan1 network=10.0.10.0 | |
| add address=10.0.20.1/24 interface=lan2 network=10.0.20.0 | |
| add address=固定IP interface=ipip6 network=固定IP | |
| /ip dhcp-client | |
| add add-default-route=no interface=mng | |
| add default-route-distance=100 default-route-tables=main interface=jcom | |
| /ip dhcp-server network | |
| add address=10.0.10.0/24 dns-server=8.8.8.8 gateway=10.0.10.1 | |
| add address=10.0.20.0/24 dns-server=8.8.8.8 gateway=10.0.20.1 | |
| /ip firewall filter | |
| add action=fasttrack-connection chain=forward hw-offload=yes in-interface-list=LAN protocol=tcp | |
| add action=fasttrack-connection chain=forward hw-offload=no in-interface-list=LAN | |
| add action=accept chain=forward in-interface-list=LAN | |
| add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes in-interface-list=WAN4 protocol=tcp | |
| add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=no in-interface-list=WAN4 | |
| add action=accept chain=forward connection-state=established,related in-interface-list=WAN4 | |
| add action=drop chain=forward | |
| add action=accept chain=input connection-state=established,related in-interface-list=WAN4 | |
| add action=accept chain=input in-interface-list=WAN4 protocol=icmp | |
| add action=accept chain=input in-interface-list=LAN | |
| add action=accept chain=input in-interface=mng | |
| add action=accept chain=input in-interface=lo | |
| add action=drop chain=input log=yes | |
| /ip firewall mangle | |
| add action=change-mss chain=forward in-interface=ipip6 new-mss=1420 protocol=tcp tcp-flags=syn | |
| add action=clear-df chain=prerouting in-interface=ipip6 | |
| /ip firewall nat | |
| add action=masquerade chain=srcnat out-interface-list=WAN4 | |
| /ip route | |
| add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=ipip6 routing-table=main scope=30 suppress-hw-offload=no target-scope=10 | |
| /ip service | |
| set telnet disabled=yes | |
| set ftp disabled=yes | |
| set www address=192.168.90.0/24 | |
| set ssh address=192.168.90.0/24 | |
| set api disabled=yes | |
| set winbox disabled=yes | |
| set api-ssl disabled=yes | |
| /ipv6 address | |
| add address=::1 from-pool=ngn interface=lan1 | |
| /ipv6 dhcp-client | |
| add add-default-route=yes interface=ngn pool-name=ngn prefix-hint=::/56 request=prefix | |
| /ipv6 dhcp-server | |
| add interface=lan1 name=dhcp6s prefix-pool=ngn | |
| /ipv6 firewall filter | |
| add action=accept chain=input in-interface-list=LAN | |
| add action=accept chain=input in-interface-list=WAN6 protocol=ipencap | |
| add action=accept chain=input in-interface-list=WAN6 protocol=icmpv6 | |
| add action=accept chain=input dst-port=546 in-interface-list=WAN6 protocol=udp src-port=547 | |
| add action=drop chain=input dst-port=53 in-interface-list=WAN6 protocol=udp | |
| add action=accept chain=input connection-state=established,related in-interface-list=WAN6 | |
| add action=drop chain=input log=yes | |
| add action=accept chain=forward in-interface-list=LAN | |
| add action=accept chain=forward connection-state=established,related in-interface-list=WAN6 | |
| add action=drop chain=forward log=yes | |
| /ipv6 nd | |
| set [ find default=yes ] hop-limit=64 interface=lan1 other-configuration=yes | |
| /system note | |
| set show-at-login=no | |
| /system routerboard settings | |
| set auto-upgrade=yes enter-setup-on=delete-key |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CCR2116 配下のルータが、CCR2116 の上流にある BR と IPIP6 トンネルを張ると遅くなる問題への対処。
l3-hw-offloadingとipv6-hwを有効にするl3-hw-offloading=noにする