For CPE wireless interface is set in "station-bridge" mode, for AP "bridge" mode is used.Ĭonfiguration is the same as PTP Bridge in AP mode, except that wireless mode is set to ap_bridge for PTMP setups. There are two possible options - as CPE and as AP. Default IP address 192.168.88.1/24 is set on the bridge interface. In case of dual band routers, one wireless is configured as 5 GHz access point and other as 2.4 GHz access point.īridged ethernet with wireless interface. Other Ethernet ports and wireless interfaces are added to local LAN bridge with 192.168.88.1/24 address set and configured DHCP server.
This type of configuration is applied to home access point routers to be used straight out of the box without additional configuration (except router passwords and wireless keys)įirst Ethernet is always configured as WAN port (protected by firewall, enabled DHCP client and disabled MAC connection/discovery). Wireless is configured as access point and bridged with all available Ethernet ports. IP address on WAN port is acquired automatically. LTE interface is considered a WAN port protected by firewall and MAC discovery/connection disabled. This configuration type is applied to routers that has both LTE and wireless interfaces. List of routers using this type of configuration: WAN port has configured DHCP client, is protected by IP firewall and MAC discovery/connection is disabled. In this type of configurations router is configured as wireless client device. You can run command /system default-configuration print to see exact applied default configuration commands. There are several different configurations depending on board type: Alternatively, you can print the contents to the console: /system default-configuration printĮither way, browse through the script and find the IPv6 firewall portion.All RouterBOARDs from factory come with default configuration. This will output the full defconf script contents to a file named defaults.txt. To export your device’s defconf script in its entirety, open a terminal and enter the following command: /system default-configuration print file=defaults We will copy and apply only the IPv6 firewall section.
Our issue here is that the firewall is only one portion of the default config. But the defconf firewall configuration (both IPv4 and IPv6) is a well-thought-out, secure starting point for a SOHO network. The default configuration will vary by device, so there isn’t quite a one-size-fits-all firewall script.
You accomplish this by dumping the contents of the router’s default config script via the terminal. If you have already configured a MikroTik router before enabling the IPv6 package, and thus don’t want to apply the entire defconf default configuration/quickset, you can still copy only the IPv6 firewall rules without losing any current config.
0 kommentar(er)
