/caps-man channel add band=2ghz-b/g/n extension-channel=Ce frequency=2412 name=channel1 width=20 add band=2ghz-b/g/n extension-channel=Ce frequency=2417 name=channel2 width=20 /interface bridge add name=bridge_hotspot add name=bridge_its add name=bridge_lan add name=bridge_work /interface ethernet set [ find default-name=ether1 ] comment=WAN set [ find default-name=ether2 ] comment=LAN /ip neighbor discovery set ether1 comment=WAN set ether2 comment=LAN /interface vlan add interface=bridge_lan loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan_66_hotspot vlan-id=66 add interface=bridge_lan loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan_77_work vlan-id=77 /caps-man datapath add bridge=bridge_hotspot client-to-client-forwarding=yes local-forwarding=yes name=ИМЯ add bridge=bridge_work client-to-client-forwarding=yes local-forwarding=yes name=ИМЯ2 /caps-man security add name=ИМЯ add authentication-types=wpa2-psk encryption=aes-ccm,tkip group-encryption=aes-ccm name=ИМЯ2 passphrase=КЛЮЧ /caps-man configuration add channel=channel1 datapath=ИМЯ datapath.vlan-id=66 datapath.vlan-mode=use-tag mode=ap name=ИМЯ rx-chains=0,1,2 security=ИМЯ ssid=ИМЯ \ tx-chains=0,1,2 add channel=channel1 datapath=ИМЯ2 datapath.vlan-id=77 datapath.vlan-mode=use-tag mode=ap name=ИМЯ2 rx-chains=0,1,2 security=ИМЯ2 ssid=\ ИМЯ2 tx-chains=0,1,2 /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot add hotspot-address=192.168.22.1 html-directory=flash/hotspot http-cookie-lifetime=1w3d name=hsprof1 /ip hotspot user profile set [ find default=yes ] keepalive-timeout=1h rate-limit=5m/5m add keepalive-timeout=1h name=more_devices rate-limit=5m/5m shared-users=unlimited add keepalive-timeout=30m mac-cookie-timeout=1d name=guest rate-limit=5m/5m shared-users=3 /ip pool add name=hs-pool-6 ranges=192.168.22.2-192.168.22.254 add name=dhcp_pool1 ranges=192.168.33.2-192.168.33.254 add name=dhcp_pool2 ranges=192.168.11.2-192.168.11.254 add name=dhcp_pool3 ranges=192.168.0.1-192.168.0.4,192.168.0.6-192.168.0.254 add name=dhcp_pool4 ranges=192.168.44.2-192.168.44.254 add name=dhcp_pool5 ranges=192.168.44.2-192.168.44.254 /ip dhcp-server add address-pool=hs-pool-6 disabled=no interface=bridge_hotspot lease-time=1h name=dhcp1 add address-pool=dhcp_pool1 disabled=no interface=bridge_work lease-time=1d10m name=dhcp2 add address-pool=dhcp_pool2 disabled=no interface=bridge_lan name=dhcp3 add address-pool=dhcp_pool5 disabled=no interface=bridge_its lease-time=3d name=dhcp4 /ip hotspot add address-pool=hs-pool-6 disabled=no interface=bridge_hotspot name=hotspot1 profile=hsprof1 /caps-man access-list add action=accept disabled=yes interface=all signal-range=-77..120 ssid-regexp="" /caps-man manager set enabled=yes /caps-man provisioning add action=create-dynamic-enabled master-configuration=ИМЯ name-format=identity /interface bridge filter add action=drop chain=forward in-bridge=bridge_hotspot out-bridge=bridge_hotspot /interface bridge port add bridge=bridge_lan interface=ether4 add bridge=bridge_lan interface=ether3 add bridge=bridge_hotspot interface=vlan_66_hotspot add bridge=bridge_work interface=vlan_77_work add bridge=bridge_its interface=ether5 /ip address add address=192.168.22.1/24 interface=bridge_hotspot network=192.168.22.0 add address=192.168.33.1/24 interface=bridge_work network=192.168.33.0 add address=192.168.11.1/24 interface=bridge_lan network=192.168.11.0 add address=192.168.0.3/24 interface=ether1 network=192.168.0.0 add address=ВНЕШНИЙ IP interface=ether1 network=ВНЕШНИЙ IP add address=192.168.44.1/24 interface=bridge_its network=192.168.44.0 /ip dhcp-client add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=ether2 use-peer-dns=no /ip dhcp-server network add address=192.168.0.3/32 gateway=192.168.0.1 add address=192.168.11.0/24 dns-server=+ АДРЕС ПРОВАЙДЕРА 8.8.8.8 gateway=192.168.11.1 add address=192.168.22.0/24 comment="hotspot network" dns-server=+ АДРЕС ПРОВАЙДЕРА 8.8.8.8 gateway=192.168.22.1 add address=192.168.33.0/24 dns-server=+ АДРЕС ПРОВАЙДЕРА 8.8.8.8 gateway=192.168.33.1 add address=192.168.44.0/24 dns-server=+ АДРЕС ПРОВАЙДЕРА 8.8.8.8 gateway=192.168.44.1 /ip dns set allow-remote-requests=yes servers=8.8.8.8 + АДРЕС ПРОВАЙДЕРА /ip firewall filter add action=drop chain=forward dst-address=адрес сети src-address=адрес сети //проходящий трафик через LAN порт add action=drop chain=forward dst-address=192.168.22.0/24 src-address=192.168.44.0/24 add action=drop chain=forward dst-address=192.168.33.0/24 src-address=192.168.44.0/24 add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes add action=accept chain=input protocol=icmp add action=accept chain=input connection-state=established in-interface=ether1 add action=accept chain=input connection-state=established in-interface=ether1 add action=drop chain=input in-interface=ether1 add action=jump chain=forward in-interface=ether1 jump-target=customer add action=accept chain=customer connection-state=established add action=accept chain=customer connection-state=related add action=drop chain=customer /ip firewall nat add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes add action=masquerade chain=srcnat src-address=внутрений адрес сети организации add action=netmap chain=srcnat out-interface=ether1 to-addresses=ВНЕШНИЙ IP адрес add action=netmap chain=dstnat dst-address=ВНЕШНИЙ IP адрес to-addresses=адрес WAN порта add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=yes out-interface=ether1 src-address=192.168.22.0/24 to-addresses=адрес WAN порта add action=masquerade chain=srcnat disabled=yes src-address=192.168.11.0/24 add action=masquerade chain=srcnat disabled=yes out-interface=ether1 src-address=адрес WAN порта /ip hotspot ip-binding add address=192.168.22.234 mac-address=F6:D0:25:15:19:22 server=hotspot1 to-address=192.168.22.234 /ip hotspot user add comment=Admin disabled=yes name=admin password=ПАРОЛЬ server=hotspot1 add comment=Test disabled=yes name=test password=ПАРОЛЬ profile=more_devices server=hotspot1 /ip route add distance=1 gateway=Адрес Гейта add disabled=yes distance=1 dst-address=АДРЕС WAN порта gateway=bridge_lan add disabled=yes distance=1 dst-address=192.168.11.1/32 gateway=ether1 add disabled=yes distance=1 dst-address=192.168.22.1/32 gateway=bridge_lan /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set ssh address=Адрес сети организации disabled=yes set api disabled=yes set winbox address=Адрес сети организации set api-ssl disabled=yes /ip upnp interfaces add interface=ether1 type=external add interface=ether2 type=internal add interface=ether3 type=internal add interface=ether4 type=internal add interface=ether5 type=internal add interface=bridge_lan type=internal add interface=bridge_work type=internal add interface=bridge_hotspot type=internal /system clock set time-zone-name=Europe/Moscow /system identity set name=Controller /system routerboard settings set memory-frequency=1200DDR protected-routerboot=disabled silent-boot=yes