Core Switch (R1) Sample Config
Initial rewrite, still in progress. Each “cell” site has a core switch commonly referred to as “R1”. This unit started out as a MikroTik RB2011 and was later replaced by a CRS112-8P-4S-IN, which includes greater processing power, memory, and individual port PoE control. While technically a router, R1 is configured as a switch in that all ports are bridged. Still, it DOES act like a router in that it participates in OSPF and is critical to site operation.
# Lines starting with # are inline comments and should not be added to the router
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether6 ] comment=fancher.dem
# Used only if creating IPIP tunnel to Edge Router
/interface ipip
# Create your tunnel for getting to the edge router
add local-address=YOUR-TUNNELS-GATEWAY-IP name=MY-EDGE-R1 remote-address=THE-EDGE-ROUTERS-NON44NET-IP
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
#Default entry below - function not used
/ip hotspot profile
set [ find default=yes ] disabled=yes html-directory=flash/hotspot
/routing ospf instance
set [ find default=yes ] distribute-default=if-installed-as-type-1 in-filter=AMPR-default out-filter=AMPR-default \
redistribute-bgp=as-type-1 redistribute-connected=as-type-1 redistribute-other-ospf=as-type-1 router-id=\
44.12.128.225
/interface bridge port
add bridge=bridge1 comment=defconf interface=ether1
add bridge=bridge1 comment=defconf interface=ether2
add bridge=bridge1 comment=defconf interface=ether3
add bridge=bridge1 comment=defconf interface=ether4
add bridge=bridge1 comment=defconf interface=ether5
add bridge=bridge1 comment=defconf interface=ether6
add bridge=bridge1 comment=defconf interface=ether7
add bridge=bridge1 comment=defconf interface=ether8
add bridge=bridge1 comment=defconf interface=sfp9
add bridge=bridge1 comment=defconf interface=sfp10
add bridge=bridge1 comment=defconf interface=sfp11
add bridge=bridge1 comment=defconf interface=sfp12
#NEED TO CHECK ON BELOW - need explanation - default setup
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
/interface ovpn-server server
set cipher=aes256 enabled=yes
# why is this specific ether and not bridge1?
/ip address
add address=44.12.128.225/28 interface=ether1 network=44.12.128.224
/ip dns
set allow-remote-requests=no servers=8.8.8.8,8.8.4.4
# Add route for the IPIP tunnel
/ip route
# Make sure that the IPIP tunnel's gateway is whatever the gateway is that hits the internet
add distance=1 dst-address=YOUR-IPIP-TUNNEL-HERE/32 gateway=YOUR-TUNNELS-GATEWAY-HERE
# In HW reference config as enabled, but disabled in practice
/ip upnp
set allow-disable-external-interface=no enabled=no show-dummy-rule=no
/routing filter
add action=accept chain=AMPR-default prefix=44.0.0.0/8 prefix-length=8-32
add action=accept chain=AMPR-default prefix=0.0.0.0/0
add action=reject chain=AMPR-default
/routing ospf interface
add authentication=md5 authentication-key=ABBABBABB interface=LAN network-type=broadcast
# add authentication=md5 authentication-key=EIEIO interface=ipip-tunnel1 network-type=point-to-point
/routing ospf network
add area=backbone network=44.12.128.224/28
# add area=backbone network=<ipip-tunnel1-IP-Network-address/32> (remote end for local IPIP tunnel interface - make /31?)
/snmp
set enabled=yes contact="WAConnect support on groups.io"
/snmp community
set [ find default=yes ] addresses=44.24.240.0/20 name=waconnect read-access=yes write-access=no
/system identity
set name=R1.SpokaneDEM
/system ntp client
set enabled=yes mode=unicast primary-ntp=<Regional NTP server> secondary-ntp=<State NTP server>
Add Admin user IDs and certificates as documented here
#ADDED STUFF FROM SPOKANE NOT IN ABOVE
Configuring VRRP
Virtual Router Redundancy Protocol (VRRP) is used to provide a “floating” default gateway to devices attached to a site that don’t “speak” the OSPF routing protocol. VRRP is typically configured on the ether interfaces of PtP, Sector, and R1 devices within a site. By convention it is the LAST usable IP address within the R1 address pool. As such, it should be excluded from the R1 DHCP pool. VRRP as a function is passed/shared between member devices by election. If the current VRRP “master” fails, another will take its place. PDUs and KVM controllers are typical example devices that will make use of this.
At least one router should be configured as the VRRP master. Typically this is the R1 device as it most often holds the best (site) default route.
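The addressing convention above (VRRP address is the last usable address of the R1 subnet and is kept out of the DHCP pool) can be checked against a config export. This Python check is an added example, not part of the original page or the project's own tooling; the export text, the `vrrp1` interface name, and the pool name and ranges are constructed assumptions.

```python
import ipaddress
import re

# Constructed RouterOS-style export lines (not from the page); the /28 matches
# the page's R1 subnet, the pool ranges and vrrp1 interface name are assumed.
SAMPLE_EXPORT = """\
/ip address
add address=44.12.128.225/28 interface=ether1 network=44.12.128.224
add address=44.12.128.238/32 interface=vrrp1
/ip pool
add name=r1-pool ranges=44.12.128.226-44.12.128.230,44.12.128.232-44.12.128.238
"""

def parse_export(text):
    """Collect interface addresses and DHCP pool ranges from export text."""
    section, addrs, ranges = None, {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif section == "/ip address" and line.startswith("add "):
            kv = dict(re.findall(r"(\S+?)=(\S+)", line))
            addrs[kv["interface"]] = ipaddress.ip_interface(kv["address"])
        elif section == "/ip pool" and line.startswith("add "):
            kv = dict(re.findall(r"(\S+?)=(\S+)", line))
            for r in kv["ranges"].split(","):
                lo, _, hi = r.partition("-")
                ranges.append((ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)))
    return addrs, ranges

def check_vrrp(text, lan_if="ether1", vrrp_if="vrrp1"):
    """Return a list of violations of the VRRP addressing convention."""
    addrs, ranges = parse_export(text)
    subnet = addrs[lan_if].network
    vip = addrs[vrrp_if].ip
    last_usable = subnet.broadcast_address - 1  # highest host address
    problems = []
    if vip != last_usable:
        problems.append(f"VRRP address {vip} is not last usable {last_usable}")
    for lo, hi in ranges:
        if lo <= vip <= hi:
            problems.append(f"pool range {lo}-{hi} includes VRRP address {vip}")
    return problems

if __name__ == "__main__":
    for p in check_vrrp(SAMPLE_EXPORT):
        print("FAIL:", p)
```

The constructed sample deliberately leaves the VRRP address inside the second pool range, so the check reports one violation.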
VRRP is set up as follows: