CR309-1G-8S+ 設定メモ - Knowlege Database

  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 7.19.4 (c) 1999-2025       https://www.mikrotik.com/



Do you want to see the software license? [Y/n]:

ライセンスの表示後、パスワードの設定が求められる。

new password> *********
repeat new password> *********

Password changed

これで初期状態となる。

↑

めも†

/system identity set name=CR309-1G-8S

/snmp/community add name=localnet addresses=192.168.1.0/24 read-access=yes /snmp set enabled=yes location="localnet" contact="admin@localhost" trap-version=2 trap-community=public /snmp set trap-target=192.168.1.10 src-address=192.168.1.2 trap-version=2 trap-community=public

/interface bridge set name=bridge vlan-filtering=yes protocol-mode=rstp

/interface bridge port set [find where interface=ether1] pvid=10 /interface bridge port set [find where interface=sfp-sfpplus1] pvid=10 /interface bridge port set [find where interface=sfp-sfpplus2] pvid=10 /interface bridge port set [find where interface=sfp-sfpplus3] pvid=10 /interface bridge port set [find where interface=sfp-sfpplus4] pvid=10 /interface bridge port set [find where interface=sfp-sfpplus5] pvid=10 /interface bridge port set [find where interface=sfp-sfpplus6] pvid=10 /interface bridge port set [find where interface=sfp-sfpplus7] pvid=10

/interface bridge vlan add bridge=bridge vlan-ids=1 tagged=bridge untagged=sfp-sfpplus8 /interface bridge vlan add bridge=bridge vlan-ids=10 tagged=bridge,sfp-sfpplus8 untagged=ether1,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7 /interface bridge vlan add bridge=bridge vlan-ids=100 tagged=bridge,sfp-sfpplus8

/ip address add address=192.168.1.2/24 interface=bridge comment="Mgmt on VLAN1"

/ip firewall filter add chain=input action=drop connection-state=invalid comment="drop invalid" place-before=0 /ip firewall filter add chain=input action=accept connection-state=established,related /ip firewall filter add chain=input action=accept protocol=icmp comment="ICMP" /ip firewall filter add chain=input action=accept in-interface=bridge src-address=192.168.1.10/32 protocol=udp dst-port=161 comment="SNMP poll & trap" /ip firewall filter add chain=input action=accept in-interface=bridge src-address=192.168.1.0/24 protocol=tcp dst-port=22 comment="SSH from local LAN" /ip firewall filter add chain=input action=accept in-interface=bridge src-address=192.168.1.0/24 protocol=tcp dst-port=443,8291 comment="HTTPS" /ip firewall filter add chain=input action=accept in-interface=bridge src-address=192.168.1.0/24 protocol=tcp dst-port=80 comment="HTTP" /ip firewall filter add chain=input action=drop comment="drop all else"

/ip firewall filter move numbers=4 destination=1

/system logging action set name=remote remote=192.168.1.20 remote-port=514

numbers: 3

/system logging add topics=info action=remote /system logging add topics=warning action=remote /system logging add topics=error action=remote /system logging add topics=critical action=remote

/system/clock/ set time-zone-name=Asia/Tokyo /system/ntp/client/ set enabled=yes servers=192.168.1.22

/ip/route/ add dst-address=0.0.0.0/24 gateway=192.168.1.254 /ip/dns/ set servers=192.168.1.22,192.168.1.23 allow-remote-requests=yes

↑

参考資料†

https://wiki.mikrotik.com/Manual:CRS3xx_series_switches

https://mikrotik.com/product/crs309_1g_8s_in

https://manuals.plus/ja/mikrotik/crs309-1g-8sin-router-board-manual