PtP Sample Config

Initial rewrite, still in progress.  Minor verification / tweaking needed.  Essentially the LAN side is a part of the R1 site LAN IP subnet.  The WLAN side is a /31 (2 IP address) subnet.  One IP is on each end of the PTP link, and the network IP for Side A is the WLAN interface IP of Side B.  Both LAN and WLAN are added to the OSPF backbone area to handle the traffic.

Note:  One side of the link needs to be in AP mode, the other in Station mode.

 # -> Inline comment and should not be added to router

# jul/12/2016 10:11:33 by RouterOS 6.34.4
# software id = 6M0M-F9G3
#
/interface bridge
add name=loopback0
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-onlyac country="united states" disabled=no frequency=<ISMPTPFREQ> frequency-mode=superchannel \
mode=ap-bridge OR mode=station nv2-cell-radius=100 nv2-preshared-key=<MyUniqueKey> radio-name=<DestSiteName>.<LocalSiteName>/WA7CON \
scan-list=<ISMPTPFREQ> ssid=WAConnect tdma-period-size=4 wireless-protocol=nv2
/interface vrrp
add authentication=ah interface=ether1 name=vrrp1 password=<SharedSiteVRRPPassword> version=2
# Security profiles below is a system default entry
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/routing ospf instance
set [ find default=yes ] distribute-default=if-installed-as-type-1 in-filter=AMPR-default out-filter=AMPR-default redistribute-bgp=as-type-1
redistribute-connected=as-type-1 redistribute-other-ospf=as-type-1 router-id=<UniqueAssignedRouterID-IP>
/system logging action
set 3 remote=<SystemLoggingHostIP> (is this multicast, can we do more than one?)
/ip settings
set send-redirects=no
/ip address
add address=<AssignedLANEthernetIP/Mask-ex.-44.25.x.y/28> interface=ether1 network=<NetworkIPofSubnetToLeft>
add address=<AssignedPTPWlanEthernetIP/Mask-ex.-44.25.x.y/31> interface=wlan1 network=<AssignedPTPWlanEthernetIP-ONOPPOSITEEND>
add address=<SharedVRRP-IPforSite> interface=vrrp1 network=<SharedVRRP-IPforSite>
# - VRRP is a single IP address (/32) -same for both network and device IP
/ip dns
set servers=<WAConnectRegionalDnsIP1,WAConnectRegionalDnsIP2,WAConnectStateDnsIP1,WAConnectStateDnsIP2>
# Firewall mangle is a standard entry
/ip firewall mangle
add action=change-mss chain=output new-mss=1378 protocol=tcp tcp-flags=syn tcp-mss=!0-1378
/ip service
set ssh port=222

/routing filter
# REQUIRED – sets filters for AMPRNet (44 AMPR Network)
add action=accept chain=AMPR-default prefix=44.0.0.0/8 prefix-length=8-32
add action=accept chain=AMPR-default prefix=0.0.0.0/0
add action=reject chain=AMPR-default

/routing ospf interface
add authentication=md5 authentication-key=<WlanLinkUniqueOSPFPassword> interface=wlan1 network-type=point-to-point
add authentication=md5 authentication-key=<LANLinkSharedSiteOSPFPassword> interface=ether1 network-type=broadcast

/routing ospf network
add area=backbone network=<LANSideNetworkIP/Mask>
add area=backbone network=<WLanSideIP/Mask> – VERIFY – Orig specified single IP/32, is this local or far end?

/snmp
set contact=”#WAConnect Support via Groups.IO” enabled=yes

/snmp community
set [ find default=yes ] addresses=<SNMPIPNetworkID/Mask> name=waconnect

/system clock
set time-zone-autodetect=no time-zone-name=America/Los_Angeles

/system identity
set name=<DestSiteName>.<LocalSiteName>

/system leds
set 1 interface=wlan1

/system logging action set 3 bsd-syslog=no name=remote remote=<NetworkLoggingIPMaster> remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=remote
/system logging add action=remote disabled=no prefix=”” topics=info
/system logging add action=remote disabled=no prefix=”” topics=warning
/system logging add action=remote disabled=no prefix=”” topics=error

/system ntp client

set enabled=yes primary-ntp=<WAConnectRegionalNTP-IP1> secondary-ntp=<WAConnectStateNTP-IP1>

/system routerboard settings (REVIEW/MODIFY)

set cpu-frequency=720MHz

/tool bandwidth-server

set authenticate=no (REVIEW/MODIFY)
 
Add Admin user IDs and certificates as documented here

#ADDED STUFF FROM SPOKANE NOT IN ABOVE

/ip neighbor discovery-settings

set discover-interface-list=!dynamic

/snmp community above is in this config but not fancher.dem – check HW website