Заводские настройки MikroTik
Существует восемь видов заводских настроек устройств MikroTik. Выбор конкретного вида зависит от модели оборудования. Скрипт, который используется для создания заводских настроек на конкретном устройстве можно получить с помощью команды /system default-configuration print.
Логин, пароль и IP-адрес
В заводских настройках устройств MikroTik используются:
- логин: admin;
- пароль: на виртуальных машинах и более старых устройствах пароль не используется, а на более новых устройствах его можно найти на этикетке на корпусе устройства;
- IP-адрес: чаще всего 192.168.88.1, а более точно можно определить с помощью таблицы из следующего раздела.
Секреты настройки MikroTik
Более 18.000 подписчиков самого большого telegram-канала «MikroTik-сэнсэй» первыми узнают секреты настройки MikroTik от автора этой статьи.
Заводские настройки физических устройств MikroTik
| Вид заводской настройки | Внешний интерфейс (WAN) | IP-адрес внешнего интерфейса (WAN) | Внутренний интерфейс (LAN) | IP-адрес внутреннего интерфейса (LAN) | Устройства MikroTik для которых применяются настройки и комментарии |
|---|---|---|---|---|---|
| CPE Router | wlan1 | DHCP-клиент | ether1 | 192.168.88.1/24 | Беспроводной интерфейс работает как беспроводной клиент.
RB 711/911/912/921/922 (Level 3), SXT, QRT, SEXTANT, LHG, LDF, DISC, Groove, Metal |
| LTE CPE AP router | lte1 | DHCP-клиент | bridge, включающий в себя все интерфейсы, кроме lte1 | 192.168.188.1/241 | wAP LTE Kit, SXT LTE, LtAP 4G kit, LtAP LTE kit, Chateau |
| AP Router | ether1 | DHCP-клиент | bridge, включающий в себя все интерфейсы, кроме ether1 | 192.168.88.1/24 | RB 450/751/850/951/953/2011/3011/4011, hEX, PowerBox, mAP, wAP, wAP R (without LTE card), hAP, cAP, OmniTIK, коммутаторы CRS с Wi-Fi, L009 series, Audience, Knot, PWR |
| PTP Bridge / W60G Bridge | – | – | bridge, включающий в себя все интерфейсы | 192.168.88.1/24 | Разновидность конфигурации AP (беспроводные интерфейсы работают как точки доступа с возможностью подключения только одного беспроводного клиента, используется режим bridge): Cube, Cube Pro, nRAY; Dish, Wireless Wire Dish, Wireless Wire kit, wAP 60G (RouterOS level 3).
Разновидность конфигурации CPE (беспроводные интерфейсы работают как беспроводные клиенты, которые могут подключаться только к отдельностоящим точкам доступа под управлением RouterOS (не под управлением CAPsMAN), используется режим station bridge): DynaDish. |
| WISP Bridge | – | – | bridge, включающий в себя все интерфейсы | DHCP-клиент | Беспроводные интерфейсы работают как точки доступа с возможностью подключения множества беспроводных клиентов, используется режим ap bridge.
RB 911/912/921/922 (RouterOS level 4), Groove A, RB 711 A, BaseBox, NetBox, mANTBox, NetMetal, wAP 60G AP (RouterOS level 4), LtAP, CME |
| Switch | – | – | bridge, включающий в себя все интерфейсы | 192.168.88.1/24 | Коммутаторы CRS без Wi-Fi, FiberBox |
| IP Only | – | – | ether1 / combo1 / sfp1 (зависит от модели)2 | 192.168.88.1/24 |
CCR, ROSE Data server, RB 411/433/435/493/800/M11/M33/1100 |
| CAP | – | – | bridgeLocal, включающий в себя все ethernet-интерфейсы3 | DHCP-клиент | Конфигурация может быть вызвана принудительно с помощью кнопки Reset |
1 IP-адрес 192.168.188.1/24 не является опечаткой, правильно именно 192.168.188.1/24, а не 192.168.88.1/24.
2 С точки зрения конфигурации интерфейс является интерфейсом для доступа к устройству (management interface), а не внутренним или внешним интерфейсом.
3 Управление беспроводными интерфейсами выполняется через CAPsMAN.
Заводские настройки виртуальных машин MikroTik CHR
В заводских настройках виртуальных машин MikroTik CHR используются:
- логин: admin,
- пароль: не используется,
- IP-адрес: получается DHCP-клиентом на ether1.
Пример конфигурации с заводскими настройками
Далее приведена заводская конфигурация вида «AP Router», которая используется на маршрутизаторе MikroTik hAP ax².
# 2026-01-28 10:03:59 by RouterOS 7.21.1
# software id = 0639-J1R4
#
# model = C52iG-5HaxD2HaxD
# serial number = NUMBER
/interface bridge
add admin-mac=48:A9:8A:CD:00:66 auto-mac=no comment=defconf name=bridge
/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=\
10min-cac .width=20/40/80mhz configuration.mode=ap .ssid=MikroTik-CD006A \
disabled=no security.authentication-types=wpa2-psk,wpa3-psk .ft=yes \
.ft-over-ds=yes .passphrase=ZV8ZDKDY3X
set [ find default-name=wifi2 ] channel.band=2ghz-ax .skip-dfs-channels=\
10min-cac .width=20/40mhz configuration.mode=ap .ssid=MikroTik-CD006A \
disabled=no security.authentication-types=wpa2-psk,wpa3-psk .ft=yes \
.ft-over-ds=yes .passphrase=ZV8ZDKDY3X
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi1
add bridge=bridge comment=defconf interface=wifi2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-client
# Interface not active
add comment=defconf interface=ether1
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" \
connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" \
connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" \
connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." \
dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack6" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related,untracked" \
connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Пример скрипта для формирования конфигурации с заводскими настройками
Приведенная выше заводская конфигурация устройства MikroTik hAP ax² была сформирована с помощью приведенного далее скрипта.
# 2026-01-28 10:30:56 by RouterOS 7.21.1
# software id = 0639-J1R4
#
script: #| Welcome to RouterOS!
#| 1) Set a strong router password in the System > Users menu
#| 2) Upgrade the software in the System > Packages menu
#| 3) Enable firewall on untrusted networks
#| 4) Set a strong WiFi password in the WiFi > Security menu
#| 5) Set your country name to observe wireless regulations
#| -----------------------------------------------------------------------------
#| RouterMode:
#| * WAN port is protected by firewall and enabled DHCP client
#| * Wireless and Ethernet interfaces (except WAN port/s)
#| are part of LAN bridge
#| LAN Configuration:
#| IP address 192.168.88.1/24 is set on bridge (LAN port)
#| DHCP Server: enabled;
#| DNS: enabled;
#| wifi1 Configuration:
#| mode: ap;
#| band: 5ghz-ax;
#| tx-chains: 0;1;
#| rx-chains: 0;1;
#| installation: any;
#| ht-extension: 20/40/80mhz;
#| wpa2: yes;
#| wifi2 Configuration:
#| mode: ap;
#| band: 2ghz-ax;
#| tx-chains: 0;1;
#| rx-chains: 0;1;
#| installation: any;
#| ht-extension: 20/40mhz;
#| wpa2: yes;
#| WAN (gateway) Configuration:
#| gateway: ether1;
#| ip4 firewall: enabled;
#| ip6 firewall: enabled;
#| NAT: enabled;
#| DHCP Client: enabled;
#| Login
#| admin user protected by password
:global ssid;
:global defconfMode;
:log info "Starting defconf script";
#-------------------------------------------------------------------------------
# Apply configuration.
# these commands are executed after installation or configuration reset
#-------------------------------------------------------------------------------
:if ($action = "apply") do={
# wait for interfaces
:local count 0;
:while ([/interface ethernet find] = "") do={
:if ($count = 30) do={
:log warning "DefConf: Unable to find ethernet interfaces";
/quit;
}
:delay 1s; :set count ($count +1);
};
:local count 0;
:while ([/interface wifi print count-only] < 2) do={
:set count ($count +1);
:if ($count = 40) do={
:log warning "DefConf: Unable to find wireless interface(s)";
/ip address add address=192.168.88.1/24 interface=ether1 comment="defconf";
/quit
}
:delay 1s;
};
/interface list add name=WAN comment="defconf"
/interface list add name=LAN comment="defconf"
/interface bridge
add name=bridge disabled=no auto-mac=yes protocol-mode=rstp comment=defconf;
:local bMACIsSet 0;
:foreach k in=[/interface find where !(slave=yes || name="ether1" || passthrough=yes || type=loopback || name~"bridge")] do={
:local tmpPortName [/interface get $k name];
:if ($bMACIsSet = 0) do={
:if ([/interface get $k type] = "ether") do={
/interface bridge set "bridge" auto-mac=no admin-mac=[/interface get $tmpPortName mac-address];
:set bMACIsSet 1;
}
}
:if (([/interface get $k type] != "ppp-out") && ([/interface get $k type] != "lte")) do={
/interface bridge port
add bridge=bridge interface=$tmpPortName comment=defconf;
}
}
/ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
/ip dhcp-server
add name=defconf address-pool="default-dhcp" interface=bridge disabled=no;
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="defconf";
/ip address add address=192.168.88.1/24 interface=bridge comment="defconf";
/ip dns {
set allow-remote-requests=yes
static add name=router.lan address=192.168.88.1 comment=defconf
}
/interface wifi {
:local ifcId [/interface wifi find where default-name=wifi1]
set $ifcId configuration.mode=ap channel.band=5ghz-ax disabled=no
set $ifcId channel.width=20/40/80mhz;
set $ifcId channel.skip-dfs-channels=10min-cac;
set $ifcId security.authentication-types=wpa2-psk,wpa3-psk security.passphrase=$defconfWifiPassword security.ft=yes security.ft-over-ds=yes
:local wlanMac [/interface get [/interface find where default-name=wifi1] mac-address];
:set ssid "MikroTik-$[:pick $wlanMac 9 11]$[:pick $wlanMac 12 14]$[:pick $wlanMac 15 17]"
set $ifcId configuration.ssid=$ssid
}
/interface wifi {
:local ifcId [/interface wifi find where default-name=wifi2]
set $ifcId configuration.mode=ap channel.band=2ghz-ax disabled=no
set $ifcId channel.width=20/40mhz;
set $ifcId channel.skip-dfs-channels=10min-cac;
set $ifcId security.authentication-types=wpa2-psk,wpa3-psk security.passphrase=$defconfWifiPassword security.ft=yes security.ft-over-ds=yes
:local wlanMac [/interface get [/interface find where default-name=wifi1] mac-address];
:set ssid "MikroTik-$[:pick $wlanMac 9 11]$[:pick $wlanMac 12 14]$[:pick $wlanMac 15 17]"
set $ifcId configuration.ssid=$ssid
}
/ip dhcp-client add interface=ether1 disabled=no comment="defconf";
/interface list member add list=LAN interface=bridge comment="defconf"
/interface list member add list=WAN interface=ether1 comment="defconf"
/ip firewall nat add chain=srcnat out-interface-list=WAN ipsec-policy=out,none action=masquerade comment="defconf: masquerade"
/ip firewall {
filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
filter add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)"
filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
filter add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
filter add chain=forward action=drop connection-nat-state=!dstnat in-interface-list=WAN comment="defconf: drop all from WAN not DSTNATed"
}
/ipv6 firewall {
address-list add list=bad_ipv6 address=::/128 comment="defconf: unspecified address"
address-list add list=bad_ipv6 address=::1 comment="defconf: lo"
address-list add list=bad_ipv6 address=fec0::/10 comment="defconf: site-local"
address-list add list=bad_ipv6 address=::ffff:0:0/96 comment="defconf: ipv4-mapped"
address-list add list=bad_ipv6 address=::/96 comment="defconf: ipv4 compat"
address-list add list=bad_ipv6 address=100::/64 comment="defconf: discard only "
address-list add list=bad_ipv6 address=2001:db8::/32 comment="defconf: documentation"
address-list add list=bad_ipv6 address=2001:10::/28 comment="defconf: ORCHID"
address-list add list=bad_ipv6 address=3ffe::/16 comment="defconf: 6bone"
filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
filter add chain=input action=accept protocol=icmpv6 comment="defconf: accept ICMPv6"
filter add chain=input action=accept protocol=udp dst-port=33434-33534 comment="defconf: accept UDP traceroute"
filter add chain=input action=accept protocol=udp dst-port=546 src-address=fe80::/10 comment="defconf: accept DHCPv6-Client prefix delegation."
filter add chain=input action=accept protocol=udp dst-port=500,4500 comment="defconf: accept IKE"
filter add chain=input action=accept protocol=ipsec-ah comment="defconf: accept ipsec AH"
filter add chain=input action=accept protocol=ipsec-esp comment="defconf: accept ipsec ESP"
filter add chain=input action=accept ipsec-policy=in,ipsec comment="defconf: accept all that matches ipsec policy"
filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop everything else not coming from LAN"
filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack6"
filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
filter add chain=forward action=drop src-address-list=bad_ipv6 comment="defconf: drop packets with bad src ipv6"
filter add chain=forward action=drop dst-address-list=bad_ipv6 comment="defconf: drop packets with bad dst ipv6"
filter add chain=forward action=drop protocol=icmpv6 hop-limit=equal:1 comment="defconf: rfc4890 drop hop-limit=1"
filter add chain=forward action=accept protocol=icmpv6 comment="defconf: accept ICMPv6"
filter add chain=forward action=accept protocol=139 comment="defconf: accept HIP"
filter add chain=forward action=accept protocol=udp dst-port=500,4500 comment="defconf: accept IKE"
filter add chain=forward action=accept protocol=ipsec-ah comment="defconf: accept ipsec AH"
filter add chain=forward action=accept protocol=ipsec-esp comment="defconf: accept ipsec ESP"
filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept all that matches ipsec policy"
filter add chain=forward action=drop in-interface-list=!LAN comment="defconf: drop everything else not coming from LAN"
}
/ip neighbor discovery-settings set discover-interface-list=LAN
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN
:if (!($keepUsers = "yes")) do={
:if (!($defconfPassword = "" || $defconfPassword = nil)) do={
/user set admin password=$defconfPassword
:delay 0.5
/user expire-password admin
}
}
/disk settings
set auto-smb-sharing=yes auto-media-sharing=yes auto-media-interface=bridge
}
#-------------------------------------------------------------------------------
# Revert configuration.
# these commands are executed if user requests to remove default configuration
#-------------------------------------------------------------------------------
:if ($action = "revert") do={
:if (!($keepUsers = "yes")) do={
/user set admin password=""
:delay 0.5
/user expire-password admin
}
/disk settings
set auto-smb-sharing=no auto-media-sharing=no auto-media-interface=none
/ip firewall filter remove [find comment~"defconf"]
/ipv6 firewall filter remove [find comment~"defconf"]
/ipv6 firewall address-list remove [find comment~"defconf"]
/ip firewall nat remove [find comment~"defconf"]
/interface list member remove [find comment~"defconf"]
/interface detect-internet set detect-interface-list=none
/interface detect-internet set lan-interface-list=none
/interface detect-internet set wan-interface-list=none
/interface detect-internet set internet-interface-list=none
/interface list remove [find comment~"defconf"]
/tool mac-server set allowed-interface-list=all
/tool mac-server mac-winbox set allowed-interface-list=all
/ip neighbor discovery-settings set discover-interface-list=!dynamic
:local o [/ip dhcp-server network find comment="defconf"]
:if ([:len $o] != 0) do={ /ip dhcp-server network remove $o }
:local o [/ip dhcp-server find name="defconf" !disabled]
:if ([:len $o] != 0) do={ /ip dhcp-server remove $o }
/ip pool {
:local o [find name="default-dhcp" ranges=192.168.88.10-192.168.88.254]
:if ([:len $o] != 0) do={ remove $o }
}
:local o [/ip dhcp-client find comment="defconf"]
:if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
/ip dns {
set allow-remote-requests=no
:local o [static find comment="defconf"]
:if ([:len $o] != 0) do={ static remove $o }
}
/ip address {
:local o [find comment="defconf"]
:if ([:len $o] != 0) do={ remove $o }
}
:foreach iface in=[/interface ethernet find] do={
/interface ethernet set $iface name=[get $iface default-name]
}
/interface bridge port remove [find comment="defconf"]
/interface bridge remove [find comment="defconf"]
/interface bonding remove [find comment~"defconf"]
/interface wifi reset wifi1
/interface wifi reset wifi2
}
:log info Defconf_script_finished;
:set defconfMode;
:set ssid;
caps-mode-script: #| CAP configuration
#|
#| * Wireless interfaces are set to be managed by CAPsMAN.
#| * All ethernet interfaces and CAPsMAN managed interfaces are bridged.
#| * DHCP client is set on bridge interface.
#| * If printed on the sticker, "admin" user is protected by password.
:global action;
:local brName "bridgeLocal";
:local logPref "defconf:";
:local wirelessMenu "wireless"
:local usingWifiPack false;
:local needAdminPass 1;
:if ([:len [/system package find name~"wifi" !disabled]] != 0) do={
:set usingWifiPack true;
:set wirelessMenu "wifi";
}
:if ($action = "apply") do={
# wait for ethernet interfaces
:local count 0;
:while ([/interface ethernet find] = "") do={
:if ($count = 30) do={
:log warning "DefConf: Unable to find ethernet interfaces";
/quit;
}
:delay 1s; :set count ($count + 1);
}
:local macSet 0;
:local tmpMac "";
:foreach k in=[/interface ethernet find] do={
# first ethernet is found; add bridge and set mac address of the ethernet port
:if ($macSet = 0) do={
:set tmpMac [/interface ethernet get $k mac-address];
/interface bridge add name=$brName auto-mac=no admin-mac=$tmpMac comment="defconf";
:set macSet 1;
}
# add bridge ports
/interface bridge port add bridge=$brName interface=$k comment="defconf"
}
# try to add dhcp client on bridge interface (may fail if already exist)
:do {
/ip dhcp-client add interface=$brName disabled=no comment="defconf"
} on-error={ :log warning "$logPref unable to add dhcp client";}
# try to configure caps (may fail if for example specified interfaces are missing)
:local findWireless [:parse ":local count 0;
:while ([/interface $wirelessMenu find] = \"\") do={
:if (\$count = 30) do={
:log warning \"DefConf: Unable to find wireless interfaces\"; /quit
};
:delay 1s;
:set count (\$count + 1)
}"]
[$findWireless]
:if ($usingWifiPack) do={
:local addDatapath [:parse "/interface $wirelessMenu datapath
add comment=\"defconf\" name=capdp disabled=no bridge=$brName"]
[$addDatapath]
}
# delay just to make sure that all wireless interfaces are loaded
:delay 5s;
:do {
:local setCap ""
if ($usingWifiPack) do={
:set setCap [:parse ":foreach i in=[/interface $wirelessMenu find] do={
/interface $wirelessMenu set \$i configuration.manager=capsman datapath=capdp
}
/interface $wirelessMenu cap
set enabled=yes discovery-interfaces=$brName slaves-datapath=capdp"]
} else={
:set setCap [:parse "
:local interfacesList \"\";
:local bFirst 1;
:foreach i in=[/interface $wirelessMenu find] do={
if (\$bFirst = 1) do={
:set interfacesList [/interface $wirelessMenu get \$i name];
:set bFirst 0;
} else{
:set interfacesList \"\$interfacesList,\$[/interface wireless get \$i name]\";
}
}
/interface $wirelessMenu cap set enabled=yes interfaces=\$interfacesList \\
discovery-interfaces=$brName bridge=$brName"]
}
[$setCap]
} on-error={ :log warning "$logPref unable to configure caps";}
# do not set admin pass for RBD25 boards that do not have it printed
:if ([:pick [/system routerboard get model] 0 5] = "RBD25") do={
if ((($defconfPassword = "" || $defconfPassword = nil) && \
!($defconfWpsPassword = "" || $defconfWpsPassword = nil)) || \
(!($defconfPassword = "" || $defconfPassword = nil) && \
($defconfWpsPassword = "" || $defconfWpsPassword = nil))) do={
:set needAdminPass 0;
}
}
# set admin password
:if ($needAdminPass = 1) do={
:if (!($keepUsers = "yes")) do={
:if (!($defconfPassword = "" || $defconfPassword = nil)) do={
/user set admin password=$defconfPassword
:delay 0.5
/user expire-password admin
}
}
}
}
:if ($action = "revert") do={
:if (!($keepUsers = "yes")) do={
/user set admin password=""
:delay 0.5
/user expire-password admin
}
:do {
:local removeCap ""
if ($usingWifiPack) do={
:set removeCap [:parse ":foreach i in=[/interface $wirelessMenu find] do={
/interface $wirelessMenu set \$i !configuration.manager !datapath }
/interface $wirelessMenu cap
set enabled=no !slaves-datapath !discovery-interfaces"]
} else{
:set removeCap [:parse "/interface $wirelessMenu cap
set enabled=no interfaces=\"\" discovery-interfaces=\"\" bridge=none"]
}
[$removeCap]
} on-error={ :log warning "$logPref unable to unset caps";}
:if ($usingWifiPack) do={
:local removeDatapath [:parse "/interface $wirelessMenu datapath remove [find comment=\"defconf\"]"]
[$removeDatapath]
}
:local o [/ip dhcp-client find comment="defconf"]
:if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
/interface bridge port remove [find comment="defconf"]
/interface bridge remove [find comment="defconf"]
}
custom-script:
Телеграм-чат «MikroTikLab»
Присоединяйтесь к сообществу специалистов по MikroTik.
Полезные ссылки
Онлайн-курсы по MikroTik
- Администрирование сетевых устройств MikroTik
- Файрвол и приоритизация трафика на MikroTik
- Маршрутизация на MikroTik
- Коммутация на MikroTik
Онлайн-курсы по сетям
- Математика и физика в сетевых технологиях
- Архитектура современных компьютерных сетей
- Устройство, проектирование и диагностика беспроводных сетей IEEE 802.11 (Wi-Fi)
Telegram-каналы
Telegram-чат
Прочее