Добрый день уважаемые коллеги . только начинаю пользоваться mikrotik . основы понятны , но хочу пощупать уже настроенный микротик на 2 провайдера c локалкой на 1000 чел и 1с и рабочая группа . так токово домена нет . скиньте пожалуйста config-и или backup-ы . мне проще пощупать и посмотреть примеры . мой mikrotik ссr1009 ....1s+ последняя версия прошивки.
Вот вам роутер с двумя провайдерами на бордере. Немного упростил Код: # feb/14/2020 16:37:19 by RouterOS 6.45.8 # software id = # # # /interface bridge add name=Lo /interface ethernet set [ find default-name=ether1 ] disable-running-check=no name=ether1-uplink set [ find default-name=ether2 ] disable-running-check=no /interface vrrp add authentication=ah interface=ether2 name=vrrp1 password=KabnaFLy priority=\ 50 version=2 /interface list add name=LAN add name=WAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /routing bgp instance set default as=2089075 router-id=99.0.195.3 /interface list member add interface=ether1-uplink list=WAN /ip address add address=99.0.195.1 interface=vrrp1 network=99.0.195.0 add address=99.0.195.3/24 interface=ether2 network=99.0.195.0 add address=100.167.196.31 interface=ether1-uplink network=100.167.196.30 /ip dhcp-client add interface=ether1-uplink /ip dns set allow-remote-requests=yes cache-max-ttl=12h servers=\ 8.8.8.8,2001:4860:4860::8844,2001:4860:4860::8888 /ip firewall address-list add address=X.X.X.X list=Manage add address=Y.Y.Y.Y list=Manage /ip firewall filter add action=accept chain=input connection-state=established,related add action=accept chain=input comment=BGP-IN dst-port=179 protocol=tcp \ src-address=99.0.195.2 add action=accept chain=input comment=BGP-IN protocol=tcp src-address=\ 99.0.195.2 src-port=179 add action=accept chain=input protocol=icmp add action=accept chain=input src-address-list=Manage add action=accept chain=input dst-port=53 in-interface=ether2 protocol=tcp \ src-address=99.0.195.0/24 add action=accept chain=input dst-port=53 in-interface=ether2 protocol=udp \ src-address=99.0.195.0/24 add action=drop chain=input /ip route add distance=254 gateway=109.167.196.30 add distance=1 dst-address=199.44.13.64/32 gateway=99.0.195.2 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set ssh disabled=yes set api disabled=yes set api-ssl disabled=yes /ip ssh set allow-none-crypto=yes forwarding-enabled=remote /ipv6 address add address=2100:1c78:0:f010::2 advertise=no interface=ether1-uplink add address=210e:1107:0:1000::3 advertise=no interface=ether2 add address=210e:1107:0:1000::1 interface=ether2 no-dad=yes /ipv6 firewall address-list add address=::/128 comment="defconf: unspecified address" list=bad_ipv6 add address=::1/128 comment="defconf: lo" list=bad_ipv6 add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6 add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6 add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6 add address=100::/64 comment="defconf: discard only " list=bad_ipv6 add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6 add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6 add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6 add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6 add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6 add address=::/104 comment="defconf: other" list=bad_ipv6 add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6 /ipv6 firewall filter add action=accept chain=input src-address=fe80::84f9:f7ff:fed5:a611/128 add action=accept chain=input comment="BGP From IKN" dst-port=179 protocol=\ tcp src-address=210e:1107:0:1000::2/128 add action=accept chain=input comment="BGP From IKN" protocol=tcp \ src-address=210e:1107:0:1000::2/128 src-port=179 add action=accept chain=input connection-state=established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid disabled=yes add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\ icmpv6 add action=accept chain=input comment="defconf: accept UDP traceroute" port=\ 33434-33534 protocol=udp add action=accept chain=input dst-port=546 protocol=udp src-address=fe80::/10 add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \ protocol=udp add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\ ipsec-ah add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\ ipsec-esp add action=accept chain=input comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec add action=accept chain=input disabled=yes dst-port=8291 protocol=tcp add action=drop chain=input comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LAN add action=accept chain=forward connection-state=\ established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalid disabled=yes add action=drop chain=forward comment=\ "defconf: drop packets with bad src ipv6" disabled=yes src-address-list=\ bad_ipv6 add action=drop chain=forward comment=\ "defconf: drop packets with bad dst ipv6" disabled=yes dst-address-list=\ bad_ipv6 add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \ disabled=yes hop-limit=equal:1 protocol=icmpv6 add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\ icmpv6 add action=accept chain=forward comment="defconf: accept HIP" protocol=139 add action=accept chain=forward comment="defconf: accept IKE" dst-port=\ 500,4500 protocol=udp add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\ ipsec-ah add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\ ipsec-esp add action=accept chain=forward comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec add action=drop chain=forward comment=\ "defconf: drop everything else not coming from LAN" disabled=yes \ in-interface-list=!LAN /ipv6 route add disabled=yes distance=1 dst-address=2101:6520:101:3::/64 gateway=\ 210e:1107:0:1000::2 add disabled=yes distance=1 dst-address=2101:6520:101:3::1/128 gateway=\ 210e:1107:0:1000::2 add disabled=yes distance=1 dst-address=210e:1107::/48 gateway=\ fe80::8cf5:d6ff:fe09:5e1e%ether2 add comment="Ilya Knyazev router" distance=1 dst-address=210e:1107:0:100::/56 \ gateway=210e:1107:0:1000::fffe /routing bgp network add network=99.0.195.0/24 synchronize=no add network=210e:1107::/48 synchronize=no /routing bgp peer add hold-time=1m30s keepalive-time=30s name=IKN-V4-iBGP remote-address=\ 99.0.195.2 remote-as=2089075 ttl=default update-source=ether2 use-bfd=yes add address-families=ipv6 hold-time=5m keepalive-time=1m name=IKN-V6-iBGP \ nexthop-choice=propagate remote-address=210e:1107:0:1000::2 remote-as=\ 2089075 ttl=default add in-filter=V4-IN name=WestCall-V4 out-filter=V4-OUT remote-address=\ 109.167.196.30 remote-as=25408 ttl=default update-source=ether1-uplink add address-families=ipv6 in-filter=V6-IN name=WestCall-V6 out-filter=V6-OUT \ remote-address=2100:1c78:0:f010::1 remote-as=25408 ttl=default \ update-source=ether1-uplink /routing filter add action=accept chain=V4-IN set-bgp-local-pref=75 add action=accept chain=V4-OUT prefix=99.0.195.0/24 prefix-length=24-32 \ set-bgp-prepend=3 add action=discard chain=V4-OUT add chain=V6-IN set-bgp-local-pref=75 add chain=V6-OUT set-bgp-prepend=3 add action=accept chain=V6-OUT prefix=210e:1107::/48 prefix-length=48-64 add action=discard chain=V6-OUT /system clock set time-zone-name=Europe/Moscow /system identity set name=Border-WestCall /system logging add topics=vrrp /system ntp client set enabled=yes primary-ntp=89.221.207.113 secondary-ntp=40.81.188.85 /system package update set channel=long-term