Dynamische V-LANs für Wifi (Capsman) und LAN auf Mikrotik mit RADIUS

# 2024-08-19 21:41:04 by RouterOS 7.15.3
# software id = M4DD-K394
#
# model = CRS354-48P-4S+2Q+
# serial number = F3160F97580C
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2412 name=2ghz-CH3
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2432 name=2ghz-CH5
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2452 name=2ghz-CH7
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2472 name=2ghz-CH9
/interface bridge
add igmp-snooping=yes ingress-filtering=no name=bridge port-cost-mode=short \
    vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=01-Kitchen-01
set [ find default-name=ether2 ] name=02-Kitchen-02
set [ find default-name=ether3 ] name=03-Maja-Office-01
set [ find default-name=ether4 ] name=04-Maja-Office-04
set [ find default-name=ether5 ] name=05-Aisle-01
set [ find default-name=ether6 ] name=06-Aisle-02
set [ find default-name=ether7 ] name=07-Lenn-01
set [ find default-name=ether8 ] name=08-Lenn-02
set [ find default-name=ether9 ] name=09-Tuuli-01
set [ find default-name=ether10 ] name=10-Tuuli-02
set [ find default-name=ether11 ] name=11-Ralf-Office-01
set [ find default-name=ether12 ] name=12-Ralf-Office-02
set [ find default-name=ether13 ] name=13-Master-Bedroom-01
set [ find default-name=ether14 ] name=14-Master-Bedroom-02
set [ find default-name=ether15 ] name=15-Dining-01
set [ find default-name=ether16 ] name=16-Dining-02
set [ find default-name=ether17 ] name=17-Living-01
set [ find default-name=ether18 ] name=18-Living-02
set [ find default-name=ether19 ] name=19-Front-Door
set [ find default-name=ether20 ] name=20-1stFloor-Tablet
set [ find default-name=ether21 ] name=21-Kitchen-Tablet
set [ find default-name=ether22 ] name=22-HWR-Heating
set [ find default-name=ether23 ] name=23-Garden-House-01
set [ find default-name=ether24 ] name=24-Garden-House-02
set [ find default-name=ether25 ] name=25-Garden-House-03
set [ find default-name=ether26 ] name=26-Garden-House-04
set [ find default-name=ether27 ] name=27-Garden-House-05
set [ find default-name=ether34 ] name=34-CapsMan-01
set [ find default-name=ether48 ] name=48-Uplink-Opnsens
/caps-man interface
add disabled=no l2mtu=1600 mac-address=18:FD:74:92:79:E3 master-interface=\
    none name=cap2 radio-mac=18:FD:74:92:79:E3 radio-name=18FD749279E3
add disabled=no l2mtu=1600 mac-address=18:FD:74:92:7E:9F master-interface=\
    none name=cap4 radio-mac=18:FD:74:92:7E:9F radio-name=18FD74927E9F
add disabled=no l2mtu=1600 mac-address=18:FD:74:94:F2:33 master-interface=\
    none name=cap6 radio-mac=18:FD:74:94:F2:33 radio-name=18FD7494F233
add disabled=no l2mtu=1600 mac-address=18:FD:74:92:76:B1 master-interface=\
    none name=cap8 radio-mac=18:FD:74:92:76:B1 radio-name=18FD749276B1
/interface vlan
add interface=bridge name=vlan1 vlan-id=1
add interface=bridge name=vlan10-Server vlan-id=10
add interface=bridge name=vlan20-Private vlan-id=20
add interface=bridge name=vlan30-Guest vlan-id=30
add interface=bridge name=vlan40-IoT vlan-id=40
/caps-man datapath
add bridge=bridge local-forwarding=yes name=datapath1
/caps-man configuration
add country=germany datapath=datapath1 mode=ap multicast-helper=full name=\
    dynamic-VLANs ssid=HONEYPOT
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    group-key-update=1h name=WPA2
/caps-man interface
add channel=2ghz-CH3 configuration=dynamic-VLANs datapath=datapath1 disabled=\
    no l2mtu=1600 mac-address=18:FD:74:92:79:E2 master-interface=none name=\
    cap1 radio-mac=18:FD:74:92:79:E2 radio-name=18FD749279E2 security=WPA2
add channel=2ghz-CH5 channel.frequency=2432 configuration=dynamic-VLANs \
    datapath=datapath1 disabled=no l2mtu=1600 mac-address=18:FD:74:92:7E:9E \
    master-interface=none name=cap3 radio-mac=18:FD:74:92:7E:9E radio-name=\
    18FD74927E9E security=WPA2
add channel=2ghz-CH7 configuration=dynamic-VLANs datapath=datapath1 disabled=\
    no l2mtu=1600 mac-address=18:FD:74:94:F2:32 master-interface=none name=\
    cap5 radio-mac=18:FD:74:94:F2:32 radio-name=18FD7494F232 security=WPA2
add channel=2ghz-CH9 channel.frequency=2472 configuration=dynamic-VLANs \
    datapath=datapath1 disabled=no l2mtu=1600 mac-address=18:FD:74:92:76:B0 \
    master-interface=none name=cap7 radio-mac=18:FD:74:92:76:B0 radio-name=\
    18FD749276B0 security=WPA2
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=vlan1-pool ranges=192.168.1.100-192.168.1.200
add name=vlan10-pool ranges=192.168.10.100-192.168.10.200
add name=vlan20-pool ranges=192.168.20.100-192.168.20.200
add name=vlan30-pool ranges=192.168.30.100-192.168.30.200
add name=vlan40-pool ranges=192.168.40.100-192.168.40.200
/ip dhcp-server
add address-pool=vlan1-pool interface=vlan1 lease-script="# DNS TTL to set for\  
    \_DNS entries\r\
    \n:local dnsttl \"00:15:00\";\r\  
    \n\r\
    \n###\r\
    \n# Script entry point\r\
    \n#\r\
    \n# Expected environment variables:\r\
    \n# leaseBound         1 = lease bound, 0 = lease removed\r\
    \n# leaseServerName    Name of DHCP server\r\
    \n# leaseActIP         IP address of DHCP client\r\
    \n# leaseActMAC        MAC address of DHCP client\r\
    \n###\r\
    \n\r\
    \n:local scriptName \"dhcp2dns\"\r\  
    \n:do {\r\
    \n  :local scriptObj [:parse [/system script get \$scriptName source]]\r\
    \n  \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName \
    leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
    \n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script\  
    \_error\" };\r\  
    \n\r\
    \n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for mi\  
    ssing host names\r\
    \n:local ip2Host do=\\\r\
    \n{\r\
    \n  :local outStr\r\
    \n  :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
    \n  {\r\
    \n    :local tmp [:pick \$inStr \$i];\r\
    \n    :if (\$tmp =\".\") do=\\\r\  
    \n    {\r\
    \n      :set tmp \"-\"\r\  
    \n    }\r\
    \n    :set outStr (\$outStr . \$tmp)\r\
    \n  }\r\
    \n  :return \$outStr\r\
    \n}\r\
    \n\r\
    \n:local mapHostName do={\r\
    \n# param: name\r\
    \n# max length = 63\r\
    \n# allowed chars a-z,0-9,-\r\
    \n  :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\  
    \n  :local numChars [:len \$name];\r\
    \n  :if (\$numChars > 63) do={:set numChars 63};\r\
    \n  :local result \"\";\r\  
    \n\r\
    \n  :for i from=0 to=(\$numChars - 1) do={\r\
    \n    :local char [:pick \$name \$i];\r\
    \n    :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\  
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local lowerCase do={\r\
    \n# param: entry\r\
    \n  :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\  
    \n  :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\  
    \n  :local result \"\";\r\  
    \n  :for i from=0 to=([:len \$entry] - 1) do={\r\
    \n    :local char [:pick \$entry \$i];\r\
    \n    :local pos [:find \$upper \$char];\r\
    \n    :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local token \"\$leaseServerName-\$leaseActMAC\";\r\  
    \n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\  
    \n\r\
    \n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
    \n{\r\
    \n  :log error \"\$LogPrefix: empty lease address\"\r\  
    \n  :error \"empty lease address\"\r\  
    \n}\r\
    \n\r\
    \n:if ( \$leaseBound = 1 ) do=\\\r\
    \n{\r\
    \n  # new DHCP lease added\r\
    \n  /ip dhcp-server\r\
    \n  #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
    \n  network\r\
    \n  :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
    \n  #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\  
    \n\r\
    \n  :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$\
    leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
    \n  #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\  
    \n\r\
    \n #Hostname cleanup\r\
    \n  :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
    \n    :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using ge\  
    nerated host name '\$hostname'\"\r\  
    \n  }\r\
    \n  :set hostname [\$lowerCase entry=\$hostname]\r\
    \n  :set hostname [\$mapHostName name=\$hostname]\r\
    \n  #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\  
    \n\r\
    \n  :if ( [ :len \$domain ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', can\  
    not create static DNS name\"\r\  
    \n    :error \"Empty domainname for '\$leaseActIP'\"\r\  
    \n  }\r\
    \n\r\
    \n  :local fqdn (\$hostname . \".\" .  \$domain)\r\  
    \n  #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\  
    \n\r\
    \n    :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActM\
    AC and server=\$leaseServerName] 0] ]) do={\r\
    \n      # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\  
    \n      :do {\r\
    \n        /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl\
    \_comment=\$token;\r\
    \n      } on-error={:log error message=\"\$LogPrefix: Failure during dns r\  
    egistration of \$fqdn with \$leaseActIP\"}\r\  
    \n    }\r\
    \n\r\
    \n} else={\r\
    \n# DHCP lease removed\r\
    \n  /ip dns static remove [find comment=\$token];\r\
    \n} " name=dhcp-vlan1  
add address-pool=vlan10-pool interface=vlan10-Server lease-script="# DNS TTL t\  
    o set for DNS entries\r\
    \n:local dnsttl \"00:15:00\";\r\  
    \n\r\
    \n###\r\
    \n# Script entry point\r\
    \n#\r\
    \n# Expected environment variables:\r\
    \n# leaseBound         1 = lease bound, 0 = lease removed\r\
    \n# leaseServerName    Name of DHCP server\r\
    \n# leaseActIP         IP address of DHCP client\r\
    \n# leaseActMAC        MAC address of DHCP client\r\
    \n###\r\
    \n\r\
    \n:local scriptName \"dhcp2dns\"\r\  
    \n:do {\r\
    \n  :local scriptObj [:parse [/system script get \$scriptName source]]\r\
    \n  \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName \
    leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
    \n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script\  
    \_error\" };\r\  
    \n\r\
    \n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for mi\  
    ssing host names\r\
    \n:local ip2Host do=\\\r\
    \n{\r\
    \n  :local outStr\r\
    \n  :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
    \n  {\r\
    \n    :local tmp [:pick \$inStr \$i];\r\
    \n    :if (\$tmp =\".\") do=\\\r\  
    \n    {\r\
    \n      :set tmp \"-\"\r\  
    \n    }\r\
    \n    :set outStr (\$outStr . \$tmp)\r\
    \n  }\r\
    \n  :return \$outStr\r\
    \n}\r\
    \n\r\
    \n:local mapHostName do={\r\
    \n# param: name\r\
    \n# max length = 63\r\
    \n# allowed chars a-z,0-9,-\r\
    \n  :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\  
    \n  :local numChars [:len \$name];\r\
    \n  :if (\$numChars > 63) do={:set numChars 63};\r\
    \n  :local result \"\";\r\  
    \n\r\
    \n  :for i from=0 to=(\$numChars - 1) do={\r\
    \n    :local char [:pick \$name \$i];\r\
    \n    :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\  
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local lowerCase do={\r\
    \n# param: entry\r\
    \n  :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\  
    \n  :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\  
    \n  :local result \"\";\r\  
    \n  :for i from=0 to=([:len \$entry] - 1) do={\r\
    \n    :local char [:pick \$entry \$i];\r\
    \n    :local pos [:find \$upper \$char];\r\
    \n    :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local token \"\$leaseServerName-\$leaseActMAC\";\r\  
    \n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\  
    \n\r\
    \n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
    \n{\r\
    \n  :log error \"\$LogPrefix: empty lease address\"\r\  
    \n  :error \"empty lease address\"\r\  
    \n}\r\
    \n\r\
    \n:if ( \$leaseBound = 1 ) do=\\\r\
    \n{\r\
    \n  # new DHCP lease added\r\
    \n  /ip dhcp-server\r\
    \n  #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
    \n  network\r\
    \n  :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
    \n  #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\  
    \n\r\
    \n  :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$\
    leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
    \n  #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\  
    \n\r\
    \n #Hostname cleanup\r\
    \n  :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
    \n    :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using ge\  
    nerated host name '\$hostname'\"\r\  
    \n  }\r\
    \n  :set hostname [\$lowerCase entry=\$hostname]\r\
    \n  :set hostname [\$mapHostName name=\$hostname]\r\
    \n  #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\  
    \n\r\
    \n  :if ( [ :len \$domain ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', can\  
    not create static DNS name\"\r\  
    \n    :error \"Empty domainname for '\$leaseActIP'\"\r\  
    \n  }\r\
    \n\r\
    \n  :local fqdn (\$hostname . \".\" .  \$domain)\r\  
    \n  #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\  
    \n\r\
    \n    :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActM\
    AC and server=\$leaseServerName] 0] ]) do={\r\
    \n      # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\  
    \n      :do {\r\
    \n        /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl\
    \_comment=\$token;\r\
    \n      } on-error={:log error message=\"\$LogPrefix: Failure during dns r\  
    egistration of \$fqdn with \$leaseActIP\"}\r\  
    \n    }\r\
    \n\r\
    \n} else={\r\
    \n# DHCP lease removed\r\
    \n  /ip dns static remove [find comment=\$token];\r\
    \n} " name=dhcp-vlan10  
add address-pool=vlan20-pool interface=vlan20-Private lease-script="# DNS TTL \  
    to set for DNS entries\r\
    \n:local dnsttl \"00:15:00\";\r\  
    \n\r\
    \n###\r\
    \n# Script entry point\r\
    \n#\r\
    \n# Expected environment variables:\r\
    \n# leaseBound         1 = lease bound, 0 = lease removed\r\
    \n# leaseServerName    Name of DHCP server\r\
    \n# leaseActIP         IP address of DHCP client\r\
    \n# leaseActMAC        MAC address of DHCP client\r\
    \n###\r\
    \n\r\
    \n:local scriptName \"dhcp2dns\"\r\  
    \n:do {\r\
    \n  :local scriptObj [:parse [/system script get \$scriptName source]]\r\
    \n  \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName \
    leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
    \n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script\  
    \_error\" };\r\  
    \n\r\
    \n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for mi\  
    ssing host names\r\
    \n:local ip2Host do=\\\r\
    \n{\r\
    \n  :local outStr\r\
    \n  :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
    \n  {\r\
    \n    :local tmp [:pick \$inStr \$i];\r\
    \n    :if (\$tmp =\".\") do=\\\r\  
    \n    {\r\
    \n      :set tmp \"-\"\r\  
    \n    }\r\
    \n    :set outStr (\$outStr . \$tmp)\r\
    \n  }\r\
    \n  :return \$outStr\r\
    \n}\r\
    \n\r\
    \n:local mapHostName do={\r\
    \n# param: name\r\
    \n# max length = 63\r\
    \n# allowed chars a-z,0-9,-\r\
    \n  :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\  
    \n  :local numChars [:len \$name];\r\
    \n  :if (\$numChars > 63) do={:set numChars 63};\r\
    \n  :local result \"\";\r\  
    \n\r\
    \n  :for i from=0 to=(\$numChars - 1) do={\r\
    \n    :local char [:pick \$name \$i];\r\
    \n    :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\  
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local lowerCase do={\r\
    \n# param: entry\r\
    \n  :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\  
    \n  :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\  
    \n  :local result \"\";\r\  
    \n  :for i from=0 to=([:len \$entry] - 1) do={\r\
    \n    :local char [:pick \$entry \$i];\r\
    \n    :local pos [:find \$upper \$char];\r\
    \n    :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local token \"\$leaseServerName-\$leaseActMAC\";\r\  
    \n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\  
    \n\r\
    \n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
    \n{\r\
    \n  :log error \"\$LogPrefix: empty lease address\"\r\  
    \n  :error \"empty lease address\"\r\  
    \n}\r\
    \n\r\
    \n:if ( \$leaseBound = 1 ) do=\\\r\
    \n{\r\
    \n  # new DHCP lease added\r\
    \n  /ip dhcp-server\r\
    \n  #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
    \n  network\r\
    \n  :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
    \n  #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\  
    \n\r\
    \n  :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$\
    leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
    \n  #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\  
    \n\r\
    \n #Hostname cleanup\r\
    \n  :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
    \n    :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using ge\  
    nerated host name '\$hostname'\"\r\  
    \n  }\r\
    \n  :set hostname [\$lowerCase entry=\$hostname]\r\
    \n  :set hostname [\$mapHostName name=\$hostname]\r\
    \n  #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\  
    \n\r\
    \n  :if ( [ :len \$domain ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', can\  
    not create static DNS name\"\r\  
    \n    :error \"Empty domainname for '\$leaseActIP'\"\r\  
    \n  }\r\
    \n\r\
    \n  :local fqdn (\$hostname . \".\" .  \$domain)\r\  
    \n  #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\  
    \n\r\
    \n    :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActM\
    AC and server=\$leaseServerName] 0] ]) do={\r\
    \n      # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\  
    \n      :do {\r\
    \n        /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl\
    \_comment=\$token;\r\
    \n      } on-error={:log error message=\"\$LogPrefix: Failure during dns r\  
    egistration of \$fqdn with \$leaseActIP\"}\r\  
    \n    }\r\
    \n\r\
    \n} else={\r\
    \n# DHCP lease removed\r\
    \n  /ip dns static remove [find comment=\$token];\r\
    \n} " name=dhcp-vlan20  
add address-pool=vlan30-pool interface=vlan30-Guest lease-script="# DNS TTL to\  
    \_set for DNS entries\r\
    \n:local dnsttl \"00:15:00\";\r\  
    \n\r\
    \n###\r\
    \n# Script entry point\r\
    \n#\r\
    \n# Expected environment variables:\r\
    \n# leaseBound         1 = lease bound, 0 = lease removed\r\
    \n# leaseServerName    Name of DHCP server\r\
    \n# leaseActIP         IP address of DHCP client\r\
    \n# leaseActMAC        MAC address of DHCP client\r\
    \n###\r\
    \n\r\
    \n:local scriptName \"dhcp2dns\"\r\  
    \n:do {\r\
    \n  :local scriptObj [:parse [/system script get \$scriptName source]]\r\
    \n  \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName \
    leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
    \n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script\  
    \_error\" };\r\  
    \n\r\
    \n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for mi\  
    ssing host names\r\
    \n:local ip2Host do=\\\r\
    \n{\r\
    \n  :local outStr\r\
    \n  :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
    \n  {\r\
    \n    :local tmp [:pick \$inStr \$i];\r\
    \n    :if (\$tmp =\".\") do=\\\r\  
    \n    {\r\
    \n      :set tmp \"-\"\r\  
    \n    }\r\
    \n    :set outStr (\$outStr . \$tmp)\r\
    \n  }\r\
    \n  :return \$outStr\r\
    \n}\r\
    \n\r\
    \n:local mapHostName do={\r\
    \n# param: name\r\
    \n# max length = 63\r\
    \n# allowed chars a-z,0-9,-\r\
    \n  :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\  
    \n  :local numChars [:len \$name];\r\
    \n  :if (\$numChars > 63) do={:set numChars 63};\r\
    \n  :local result \"\";\r\  
    \n\r\
    \n  :for i from=0 to=(\$numChars - 1) do={\r\
    \n    :local char [:pick \$name \$i];\r\
    \n    :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\  
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local lowerCase do={\r\
    \n# param: entry\r\
    \n  :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\  
    \n  :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\  
    \n  :local result \"\";\r\  
    \n  :for i from=0 to=([:len \$entry] - 1) do={\r\
    \n    :local char [:pick \$entry \$i];\r\
    \n    :local pos [:find \$upper \$char];\r\
    \n    :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local token \"\$leaseServerName-\$leaseActMAC\";\r\  
    \n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\  
    \n\r\
    \n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
    \n{\r\
    \n  :log error \"\$LogPrefix: empty lease address\"\r\  
    \n  :error \"empty lease address\"\r\  
    \n}\r\
    \n\r\
    \n:if ( \$leaseBound = 1 ) do=\\\r\
    \n{\r\
    \n  # new DHCP lease added\r\
    \n  /ip dhcp-server\r\
    \n  #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
    \n  network\r\
    \n  :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
    \n  #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\  
    \n\r\
    \n  :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$\
    leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
    \n  #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\  
    \n\r\
    \n #Hostname cleanup\r\
    \n  :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
    \n    :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using ge\  
    nerated host name '\$hostname'\"\r\  
    \n  }\r\
    \n  :set hostname [\$lowerCase entry=\$hostname]\r\
    \n  :set hostname [\$mapHostName name=\$hostname]\r\
    \n  #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\  
    \n\r\
    \n  :if ( [ :len \$domain ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', can\  
    not create static DNS name\"\r\  
    \n    :error \"Empty domainname for '\$leaseActIP'\"\r\  
    \n  }\r\
    \n\r\
    \n  :local fqdn (\$hostname . \".\" .  \$domain)\r\  
    \n  #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\  
    \n\r\
    \n    :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActM\
    AC and server=\$leaseServerName] 0] ]) do={\r\
    \n      # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\  
    \n      :do {\r\
    \n        /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl\
    \_comment=\$token;\r\
    \n      } on-error={:log error message=\"\$LogPrefix: Failure during dns r\  
    egistration of \$fqdn with \$leaseActIP\"}\r\  
    \n    }\r\
    \n\r\
    \n} else={\r\
    \n# DHCP lease removed\r\
    \n  /ip dns static remove [find comment=\$token];\r\
    \n} " name=dhcp-vlan30  
add address-pool=vlan40-pool interface=vlan40-IoT lease-script="# DNS TTL to s\  
    et for DNS entries\r\
    \n:local dnsttl \"00:15:00\";\r\  
    \n\r\
    \n###\r\
    \n# Script entry point\r\
    \n#\r\
    \n# Expected environment variables:\r\
    \n# leaseBound         1 = lease bound, 0 = lease removed\r\
    \n# leaseServerName    Name of DHCP server\r\
    \n# leaseActIP         IP address of DHCP client\r\
    \n# leaseActMAC        MAC address of DHCP client\r\
    \n###\r\
    \n\r\
    \n:local scriptName \"dhcp2dns\"\r\  
    \n:do {\r\
    \n  :local scriptObj [:parse [/system script get \$scriptName source]]\r\
    \n  \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName \
    leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
    \n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script\  
    \_error\" };\r\  
    \n\r\
    \n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for mi\  
    ssing host names\r\
    \n:local ip2Host do=\\\r\
    \n{\r\
    \n  :local outStr\r\
    \n  :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
    \n  {\r\
    \n    :local tmp [:pick \$inStr \$i];\r\
    \n    :if (\$tmp =\".\") do=\\\r\  
    \n    {\r\
    \n      :set tmp \"-\"\r\  
    \n    }\r\
    \n    :set outStr (\$outStr . \$tmp)\r\
    \n  }\r\
    \n  :return \$outStr\r\
    \n}\r\
    \n\r\
    \n:local mapHostName do={\r\
    \n# param: name\r\
    \n# max length = 63\r\
    \n# allowed chars a-z,0-9,-\r\
    \n  :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\  
    \n  :local numChars [:len \$name];\r\
    \n  :if (\$numChars > 63) do={:set numChars 63};\r\
    \n  :local result \"\";\r\  
    \n\r\
    \n  :for i from=0 to=(\$numChars - 1) do={\r\
    \n    :local char [:pick \$name \$i];\r\
    \n    :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\  
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local lowerCase do={\r\
    \n# param: entry\r\
    \n  :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\  
    \n  :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\  
    \n  :local result \"\";\r\  
    \n  :for i from=0 to=([:len \$entry] - 1) do={\r\
    \n    :local char [:pick \$entry \$i];\r\
    \n    :local pos [:find \$upper \$char];\r\
    \n    :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local token \"\$leaseServerName-\$leaseActMAC\";\r\  
    \n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\  
    \n\r\
    \n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
    \n{\r\
    \n  :log error \"\$LogPrefix: empty lease address\"\r\  
    \n  :error \"empty lease address\"\r\  
    \n}\r\
    \n\r\
    \n:if ( \$leaseBound = 1 ) do=\\\r\
    \n{\r\
    \n  # new DHCP lease added\r\
    \n  /ip dhcp-server\r\
    \n  #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
    \n  network\r\
    \n  :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
    \n  #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\  
    \n\r\
    \n  :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$\
    leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
    \n  #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\  
    \n\r\
    \n #Hostname cleanup\r\
    \n  :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
    \n    :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using ge\  
    nerated host name '\$hostname'\"\r\  
    \n  }\r\
    \n  :set hostname [\$lowerCase entry=\$hostname]\r\
    \n  :set hostname [\$mapHostName name=\$hostname]\r\
    \n  #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\  
    \n\r\
    \n  :if ( [ :len \$domain ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', can\  
    not create static DNS name\"\r\  
    \n    :error \"Empty domainname for '\$leaseActIP'\"\r\  
    \n  }\r\
    \n\r\
    \n  :local fqdn (\$hostname . \".\" .  \$domain)\r\  
    \n  #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\  
    \n\r\
    \n    :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActM\
    AC and server=\$leaseServerName] 0] ]) do={\r\
    \n      # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\  
    \n      :do {\r\
    \n        /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl\
    \_comment=\$token;\r\
    \n      } on-error={:log error message=\"\$LogPrefix: Failure during dns r\  
    egistration of \$fqdn with \$leaseActIP\"}\r\  
    \n    }\r\
    \n\r\
    \n} else={\r\
    \n# DHCP lease removed\r\
    \n  /ip dns static remove [find comment=\$token];\r\
    \n} " name=dhcp-vlan40  
/port
set 0 name=serial0
/user-manager user
add name=ladmin
add attributes=Tunnel-Medium-Type:6,Tunnel-Type:13,Tunnel-Private-Group-ID:20 \
    name=D2:67:63:73:61:12
add attributes=Tunnel-Medium-Type:6,Tunnel-Type:13,Tunnel-Private-Group-ID:20 \
    name=50:B1:27:81:CC:05
/caps-man aaa
set called-format=mac mac-mode=as-username-and-password
/caps-man access-list
add action=query-radius allow-signal-out-of-range=10s disabled=no \
    mac-address=00:00:00:00:00:00 ssid-regexp=""  
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/interface bridge port
add bridge=bridge ingress-filtering=no interface=34-CapsMan-01 \
    internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=12-Ralf-Office-02
add bridge=bridge ingress-filtering=no interface=16-Dining-02
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=no interface=17-Living-01 pvid=20
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=no interface=18-Living-02 pvid=20
add bridge=bridge ingress-filtering=no interface=24-Garden-House-02
/ip firewall connection tracking
set udp-timeout=10s
/interface bridge vlan
# vlan1 not a bridge port
add bridge=bridge tagged=bridge,vlan1 untagged=\
    12-Ralf-Office-02,16-Dining-02,34-CapsMan-01,24-Garden-House-02 vlan-ids=\
    1
# vlan10-Server not a bridge port
add bridge=bridge tagged="bridge,vlan10-Server,12-Ralf-Office-02,16-Dining-02,\  
    34-CapsMan-01,24-Garden-House-02" vlan-ids=10  
# vlan20-Private not a bridge port
add bridge=bridge tagged="bridge,vlan20-Private,12-Ralf-Office-02,16-Dining-02\  
    ,34-CapsMan-01,24-Garden-House-02" untagged=17-Living-01,18-Living-02 \  
    vlan-ids=20
# vlan30-Guest not a bridge port
add bridge=bridge tagged="bridge,vlan30-Guest,12-Ralf-Office-02,16-Dining-02,3\  
    4-CapsMan-01,24-Garden-House-02" vlan-ids=30  
# vlan40-IoT not a bridge port
add bridge=bridge tagged="bridge,vlan40-IoT,12-Ralf-Office-02,16-Dining-02,34-\  
    CapsMan-01,24-Garden-House-02" vlan-ids=40  
/interface list member
add interface=bridge list=LAN
add interface=vlan1 list=LAN
add interface=vlan10-Server list=LAN
add interface=vlan20-Private list=LAN
add interface=vlan30-Guest list=LAN
add interface=vlan40-IoT list=LAN
add interface=48-Uplink-Opnsens list=LAN
add interface=12-Ralf-Office-02 list=LAN
add interface=16-Dining-02 list=LAN
add interface=24-Garden-House-02 list=LAN
add interface=34-CapsMan-01 list=LAN
/ip address
add address=192.168.1.1/24 interface=vlan1 network=192.168.1.0
add address=192.168.10.1/24 interface=vlan10-Server network=192.168.10.0
add address=192.168.20.1/24 interface=vlan20-Private network=192.168.20.0
add address=192.168.30.1/24 interface=vlan30-Guest network=192.168.30.0
add address=192.168.40.1/24 interface=vlan40-IoT network=192.168.40.0
add address=192.168.0.11/24 interface=ether49 network=192.168.0.0
add address=10.99.1.1/24 interface=48-Uplink-Opnsens network=10.99.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 \
    netmask=24 ntp-server=10.99.1.254
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1 \
    netmask=24 ntp-server=10.99.1.254
add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1 \
    netmask=24 ntp-server=10.99.1.254
add address=192.168.30.0/24 dns-server=192.168.30.1 gateway=192.168.30.1 \
    netmask=24 ntp-server=10.99.1.254
add address=192.168.40.0/24 dns-server=192.168.40.1 gateway=192.168.40.1 \
    netmask=24 ntp-server=10.99.1.254
/ip dns
set allow-remote-requests=yes servers=10.99.1.254,9.9.9.9,1.1.1.1
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.99.1.254 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \  
    target-scope=10
/radius
add address=127.0.0.1 service=wireless,dot1x src-address=127.0.0.1
/radius incoming
set accept=yes
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=DC-RACK
/system note
set show-at-login=no
/system routerboard settings
set boot-os=router-os
/user-manager
set certificate=CAPsMAN-DC2C6EB2684C enabled=yes
/user-manager router
add address=127.0.0.1 name=Radius-Router