# feb/09/2022 12:18:42 by RouterOS 6.47.8
# software id = UJ03-BH8C
#
# model = RB4011iGS+
# serial number = D4450C4BEDD4
#
# NOTE(review): this export carries the device serial number, software id,
# management source ranges, an SNMP community string and a contact address.
# Handle the file as sensitive and rotate the SNMP community if the export
# has left the management network.

# Physical ports are renamed by role. Auto-negotiation is switched off on every
# port except ether5.
/interface ethernet
set [ find default-name=ether3 ] advertise=100M-full,1000M-full,10000M-full auto-negotiation=no name=LAN_AGENCIA_Ether3
set [ find default-name=ether2 ] auto-negotiation=no name=LAN_INET_Ether2
set [ find default-name=ether4 ] auto-negotiation=no name=LAN_SUPER_24_Ether4
set [ find default-name=ether5 ] name=LAN_ether5
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no name=TO_WAN_2
set [ find default-name=ether1 ] auto-negotiation=no name=TO_WAN_Ether1

# Five VRRP instances, all at priority 120. Entries without vrid= presumably
# use the default VRID (the export omits default values) - confirm.
# NOTE(review): no authentication setting appears on any instance; if the
# groups are unauthenticated, any advertisement seen on the segment is trusted.
# NOTE(review): VRRP_VLAN_80 and VRRP_VLAN_81 are bound to LAN_ether5 itself,
# not to the VLAN_80 / VLAN_81 interfaces defined below - verify this is intended.
/interface vrrp
add interface=LAN_AGENCIA_Ether3 name=VRRP_AGENCIAS priority=120
add interface=LAN_INET_Ether2 name=VRRP_INTERNET priority=120 vrid=2
add interface=LAN_SUPER_24_Ether4 name=VRRP_SUPER_24 priority=120 vrid=3
add interface=LAN_ether5 name=VRRP_VLAN_80 priority=120
add interface=LAN_ether5 name=VRRP_VLAN_81 priority=120 vrid=2

# Carrier VLANs 1337-1339 ride on TO_WAN_2; VLANs 80 and 81 ride on LAN_ether5.
# The first two names embed circuit and customer identifiers and contain spaces
# and '#', so every later reference must repeat the quoted string exactly.
/interface vlan
add interface=TO_WAN_2 name="1149796*1 #- IFX DATA Transport #- 9MB_VID:621 #- 349109_INVERSIONES CENTROAMERICANAS, S.A. #- SUPER_24" vlan-id=1338
add interface=TO_WAN_2 name="1149796*2 #- IFX DATA Transport #- 28MB_VID:622 #- 349109_INVERSIONES CENTROAMERICANAS, S.A. #- AGENCIAS" vlan-id=1339
add interface=TO_WAN_2 name=SID_907092_INVERSIONES_CENTROAMERICANAS_INET_PPA vlan-id=1337
add interface=LAN_ether5 name=VLAN_80 vlan-id=80
add interface=LAN_ether5 name=VLAN_81 vlan-id=81

# Switch-chip ports 0-11 all get default-vlan-id=0.
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

# One BGP instance per VRF routing table, both in AS 64512.
# redistribute-connected and redistribute-static are on, and this export has no
# /routing filter section, so every connected and static route in each table is
# offered to the peer as-is.
# NOTE(review): consider an explicit outbound filter per peer.
/routing bgp instance
add as=64512 name=BGP_SUPER_24 redistribute-connected=yes redistribute-static=yes router-id=172.17.53.246 routing-table=SUPER_24
add as=64512 name=BGP_AGENCIAS redistribute-connected=yes redistribute-static=yes router-id=172.17.53.250 routing-table=AGENCIA

# Community "YES" is write-enabled. With community-based SNMP the string is the
# only credential, and it appears here in clear text.
# The addresses= list limits which sources may use it; it includes two public
# hosts (190.61.4.35/32, 190.61.50.194/32) and lists 10.2.26.192/28 twice.
# NOTE(review): drop write-access unless a documented workflow needs it, and
# prefer SNMPv3 with authentication and privacy for any write access.
# "ifxcliente" sets no write-access, so it is presumably read-only - confirm.
/snmp community
add addresses=10.1.1.198/32,10.2.1.34/32,10.2.26.192/28,10.2.26.192/28,10.1.20.192/28,10.25.1.0/27,190.61.4.35/32,190.61.50.194/32 name=YES write-access=yes
add addresses=190.61.4.170/32,190.61.4.34/32,190.61.4.35/32 name=ifxcliente

# The "full" group is given every listed policy, including sniff and sensitive.
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp

# Neighbor discovery runs on every interface that is not in the "dynamic" list,
# which as written includes the WAN-facing interfaces.
# NOTE(review): discovery announces device identity to adjacent hosts; consider
# limiting it to a management interface list.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic

# Each LAN has a physical address plus a VRRP virtual address.
# NOTE(review): the 172.31.80.11 (GESTION_ORION) entry has no interface= as
# shown here; confirm which interface it belongs to before re-importing.
/ip address
add address=190.61.50.252/26 interface=LAN_INET_Ether2 network=190.61.50.192
add address=10.62.0.36/29 interface=LAN_SUPER_24_Ether4 network=10.62.0.32
add address=10.63.0.146/28 interface=LAN_AGENCIA_Ether3 network=10.63.0.144
add address=190.61.50.193/26 interface=VRRP_INTERNET network=190.61.50.192
add address=10.63.0.145/28 interface=VRRP_AGENCIAS network=10.63.0.144
add address=10.62.0.38/29 interface=VRRP_SUPER_24 network=10.62.0.32
add address=172.31.80.11 comment=GESTION_ORION network=172.31.80.11
add address=172.17.53.246/30 interface="1149796*1 #- IFX DATA Transport #- 9MB_VID:621 #- 349109_INVERSIONES CENTROAMERICANAS, S.A. #- SUPER_24" network=172.17.53.244
add address=172.17.53.250/30 interface="1149796*2 #- IFX DATA Transport #- 28MB_VID:622 #- 349109_INVERSIONES CENTROAMERICANAS, S.A. #- AGENCIAS" network=172.17.53.248
add address=10.220.5.182/30 interface=SID_907092_INVERSIONES_CENTROAMERICANAS_INET_PPA network=10.220.5.180
add address=10.63.1.8/26 interface=VLAN_80 network=10.63.1.0
add address=10.63.1.7/26 interface=VRRP_VLAN_80 network=10.63.1.0
add address=10.63.1.72/26 interface=VLAN_81 network=10.63.1.64
add address=10.63.1.71/26 interface=VRRP_VLAN_81 network=10.63.1.64

# Source lists consumed by the input-chain rules below.
# The input chain accepts all traffic from "Admin" and "IFX", so membership in
# either list amounts to full reachability of every enabled router service.
# NOTE(review): "Admin" contains the router's own LAN subnets (10.63.0.144/28,
# 10.62.0.32/29, 190.61.50.192/26), so every host on those segments is treated
# as an administrator source. Narrow these to the actual management hosts.
# The last two CallCenter entries are disabled.
/ip firewall address-list
add address=10.2.10.192/28 list=Admin
add address=10.1.20.128/28 list=Admin
add address=10.2.26.192/28 list=Admin
add address=10.25.1.0/27 list=Admin
add address=10.1.1.198 list=Admin
add address=10.2.1.34 list=Admin
add address=190.60.220.0/24 list=IFX
add address=200.62.3.11 list=IFX
add address=190.61.4.0/24 list=IFX
add address=190.61.50.194 list=IFX
add address=10.2.104.0/24 list=CallCenter
add address=172.17.53.248/30 list=IFX
add address=10.63.0.144/28 list=Admin
add address=10.2.1.108 list=Admin
add address=190.61.50.194 list=Admin
add address=192.168.50.180 list=Admin
add address=192.168.50.0/30 list=Admin
add address=192.168.53.13 list=Admin
add address=10.62.0.32/29 list=Admin
add address=190.61.50.192/26 list=Admin
add address=10.44.110.0/24 disabled=yes list=CallCenter
add address=10.44.91.0/24 disabled=yes list=CallCenter

# Rules are evaluated top to bottom, so the order below is significant.
# input:   established/related accepted, invalid dropped, Admin and IFX accepted
#          for any protocol and port, ICMP accepted from CallCenter, rest dropped.
# forward: one rule accepts everything, so the router does not filter transit
#          traffic at all.
# NOTE(review): the fourth rule (LAN_AGENCIA_Ether3 + Admin) has no comment and
# can never match anything the third rule has not already accepted.
# NOTE(review): restrict the Admin/IFX accepts to the management protocols in
# use, and replace the blanket forward accept with established/related plus
# explicit allows followed by a final drop.
/ip firewall filter
add action=accept chain=input comment="IN;Permitir conexiones establecidas y relacionadas" connection-state=established,related
add action=drop chain=input comment="IN;Bloqueo conexiones invalidas al router" connection-state=invalid
add action=accept chain=input comment="IN;Administracion del Router" src-address-list=Admin
add action=accept chain=input in-interface=LAN_AGENCIA_Ether3 routing-table=AGENCIA src-address-list=Admin
add action=accept chain=input comment="IN: Gestion IFX" src-address-list=IFX
add action=accept chain=input comment="IN: Ping permitido Call Center" protocol=icmp src-address-list=CallCenter
add action=drop chain=input comment="IN;Descartar todo lo demas"
add action=accept chain=forward comment="FWD: Permite trafico a travez del Router"

# The srcnat accept rule is disabled. The dst-nat rule rewrites TCP/8297 sent to
# 190.61.4.35 towards 172.17.120.58:8297, with no source or in-interface match.
# 190.61.4.35 is not an address configured on this router in this export (it is
# routed via 172.17.53.249 in the AGENCIA table), so the rule acts on transit
# traffic; together with the accept-all forward rule nothing limits who reaches it.
# NOTE(review): add a src-address-list and a comment naming the owner and purpose.
/ip firewall nat
add action=accept chain=srcnat disabled=yes
add action=dst-nat chain=dstnat dst-address=190.61.4.35 dst-port=8297 protocol=tcp to-addresses=172.17.120.58 to-ports=8297

# All connection-tracking helpers listed here are disabled.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes

# Default routes per routing mark (AGENCIA, SUPER_24) and for the main table,
# plus host routes to three 190.61.4.x addresses via the AGENCIAS transport link.
# Only the 190.61.4.170/32 route uses check-gateway=ping.
/ip route
add distance=1 gateway=10.63.0.158 routing-mark=AGENCIA
add disabled=yes distance=1 dst-address=10.2.10.192/28 gateway=10.63.0.156 routing-mark=AGENCIA
add distance=1 dst-address=190.61.4.34/32 gateway=172.17.53.249 routing-mark=AGENCIA
add distance=1 dst-address=190.61.4.35/32 gateway=172.17.53.249 routing-mark=AGENCIA
add check-gateway=ping distance=1 dst-address=190.61.4.170/32 gateway=172.17.53.249 routing-mark=AGENCIA
add distance=1 gateway=10.62.0.33 routing-mark=SUPER_24
add distance=1 gateway=10.220.5.181

# Two VRFs: each binds its carrier VLAN, its LAN port and its VRRP interface to
# one routing mark.
/ip route vrf
add interfaces="1149796*2 #- IFX DATA Transport #- 28MB_VID:622 #- 349109_INVERSIONES CENTROAMERICANAS, S.A. #- AGENCIAS,LAN_AGENCIA_Ether3,VRRP_AGENCIAS" routing-mark=\
    AGENCIA
add interfaces="1149796*1 #- IFX DATA Transport #- 9MB_VID:621 #- 349109_INVERSIONES CENTROAMERICANAS, S.A. #- SUPER_24,LAN_SUPER_24_Ether4,VRRP_SUPER_24" routing-mark=\
    SUPER_24

# ftp, www, api and api-ssl are disabled. telnet and ssh stay enabled and share
# one allow-list made mostly of /16 ranges, several of them public.
# Effective access is the intersection of this list and the input chain above.
# NOTE(review): telnet carries credentials in clear text; disable it and keep
# ssh only, and cut the /16 ranges down to the real management sources.
# NOTE(review): winbox is not mentioned, so it keeps its default state and has
# no address restriction of its own - confirm and restrict or disable it.
/ip service
set telnet address=190.60.0.0/16,190.61.0.0/16,172.16.0.0/16,172.17.0.0/16,10.0.120.0/24,200.62.0.0/16,200.91.0.0/16,10.16.40.103/32
set ftp disabled=yes
set www disabled=yes
set ssh address=190.60.0.0/16,190.61.0.0/16,172.16.0.0/16,172.17.0.0/16,10.0.120.0/24,200.62.0.0/16,200.91.0.0/16,10.16.40.103/32
set api disabled=yes
set api-ssl disabled=yes

# One eBGP peer per instance, both remote AS 18747, 20 s hold time, default
# route originated only when installed.
# NOTE(review): no tcp-md5-key and no in-filter/out-filter appear on either
# peer, so the sessions look unauthenticated and unfiltered - confirm with the
# provider and add both.
/routing bgp peer
add default-originate=if-installed hold-time=20s instance=BGP_SUPER_24 name=MPLS_SUPER_24 remote-address=172.17.53.245 remote-as=18747 ttl=default
add default-originate=if-installed hold-time=20s instance=BGP_AGENCIAS name=BGP_AGENCIAS remote-address=172.17.53.249 remote-as=18747 ttl=default

# SNMP is enabled. Traps are version 2 and reuse "YES", the write-enabled
# community defined above; trap-generators is empty.
# NOTE(review): use a separate read-only community for traps.
/snmp
set contact=usctelecom@icasa.com.gt enabled=yes location="Data Center Corporativo" trap-community=YES trap-generators="" trap-version=2

# NOTE(review): the identity ends in "_PPAL" while the VLAN interface of the
# same service is named "..._PPA" - check which spelling is intended.
/system identity
set name=SID_907092_INVERSIONES_CENTROAMERICANAS_INET_PPAL

# Login banner (Spanish): the equipment belongs to IFX Networks, unauthorised
# use is prohibited, users are legally responsible and all activity is logged.
# NOTE(review): this export contains no /system logging section, so nothing
# here shows logs being sent off the device - confirm remote logging exists to
# back the banner's statement.
/system note
set note="**************************************************************\
    \n* *\
    \n* ATENCION: Este equipo es propiedad de IFX Networks *\
    \n* El uso no autorizado esta estrictamente prohibido. *\
    \n* Todos los usuarios son legalmente responsables de sus *\
    \n* acciones sobre el sistema y toda actividad sera registrada *\
    \n* *\
    \n**************************************************************"

# NOTE(review): NTP servers are set but enabled=yes does not appear; confirm
# the client is running, since log timestamps depend on it.
/system ntp client
set primary-ntp=10.2.25.50 secondary-ntp=10.2.25.51

# Boot from internal NAND only.
/system routerboard settings
set boot-device=nand-only

/tool graphing interface
add

# Netwatch probes 10.220.5.181, the gateway of the main-table default route.
# When it goes down, three VRRP instances drop to priority 90; when it returns
# they go back to 120.
# NOTE(review): VRRP_VLAN_80 and VRRP_VLAN_81 are not adjusted by either
# script - confirm they are meant to stay at 120 during a WAN failure.
/tool netwatch
add down-script="interface vrrp set VRRP_AGENCIAS priority=90\r\
    \ninterface vrrp set VRRP_SUPER_24 priority=90\r\
    \ninterface vrrp set VRRP_INTERNET priority=90" host=10.220.5.181 up-script=\
    "interface vrrp set VRRP_AGENCIAS priority=120\r\
    \ninterface vrrp set VRRP_SUPER_24 priority=120\r\
    \ninterface vrrp set VRRP_INTERNET priority=120"

# Traffic monitor on TO_WAN_Ether1; no threshold or action is shown in this entry.
/tool traffic-monitor
add interface=TO_WAN_Ether1 name=tmon1