Sector Configuration

All sectors participate in OSPF routing so in addition to a subnet assignment for DHCP clients (typically a /28), we will also assign an address to the loopback interface that will serve as the router-id for this device in OSPF and as the primary address in DNS for the device. For PSDR, we allocate loobback addresses from the subnet 44.25.12.0/22.

Sample Configuration from S2.SnoDEM sector router

# 2024-01-25 16:24:56 by RouterOS 7.12.1
# software id = 74UJ-C24I
#
# model = RB912UAG-5HPnD
# serial number = 77BA078D1553
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-onlyn channel-width=5mhz country=no_country_set disabled=no frequency=5900 frequency-mode=superchannel l2mtu=2290 mode=ap-bridge \
    mtu=1544 nv2-cell-radius=100 radio-name=K7WAN/SnoDEM-S2 rx-chains=0,1 scan-list=5900 ssid=HamWAN station-roaming=enabled tdma-period-size=4 tx-chains=0,1 \
    wireless-protocol=nv2
/interface vrrp
add authentication=ah interface=ether1 password=vvvvvvv name=vrrp1 version=2
/interface list
add name=mactel
add name=mac-winbox
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless channels
add band=5ghz-onlyn comment="Cell sites radiate this at 120 degrees (south-east)" frequency=5900 list=HamWAN name=Sector2-5 width=5
add band=5ghz-onlyn comment="Cell sites radiate this at 120 degrees (south-east)" frequency=5900 list=HamWAN name=Sector2-10 width=10
/ip pool
add name=pool1 ranges=44.25.65.18-44.25.65.30
/ip dhcp-server
add address-pool=pool1 authoritative=after-2sec-delay interface=wlan1 lease-time=1h name=dhcp1
/routing ospf instance
add disabled=no in-filter-chain=Ham-default name=default-v2 out-filter-chain=Ham-default redistribute=connected,ospf,bgp router-id=44.25.142.7
/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2
/snmp community
set [ find default=yes ] addresses=44.24.240.0/20,44.25.0.0/16 name=hamwan
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
set 3 remote=44.25.0.8
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192 send-redirects=no
/interface list member
add interface=ether1 list=mactel
add interface=ether1 list=mac-winbox
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=44.25.65.17/28 interface=wlan1 network=44.25.65.16
add address=44.25.142.254 interface=vrrp1 network=44.25.142.254
add address=44.25.142.7/24 interface=ether1 network=44.25.142.0
/ip dhcp-server lease
add address=44.25.65.18 always-broadcast=yes client-id=1:d4:ca:6d:54:b4:f5 mac-address=D4:CA:6D:54:B4:F5 server=dhcp1
/ip dhcp-server network
add address=44.25.65.16/28 dns-server=44.25.0.1,44.25.1.1 gateway=44.25.65.17 ntp-server=44.25.0.4,44.25.1.4
/ip dns
set servers=44.25.0.1,44.25.1.1
/ip firewall mangle
add action=change-mss chain=output new-mss=1378 protocol=tcp tcp-flags=syn tcp-mss=!0-1378
/ip ipsec policy
set 0 disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=222
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/routing filter rule
add chain=Ham-default disabled=no rule="if (dst in 44.0.0.0/9 && dst-len in 9-32) { accept; }"
add chain=Ham-default disabled=no rule="if (dst in 44.128.0.0/10 && dst-len in 10-32) { accept; }"
add chain=Ham-default disabled=no rule="if (dst == 0.0.0.0/0) { accept; }"
/routing ospf interface-template
add area=backbone-v2 auth=md5 auth-id=1 auth-key=xxxxxxx cost=10 disabled=no interfaces=ether1 priority=1
/snmp
set contact="#hamwan on libera.chat" enabled=yes location=SnoDEM
/system clock
set time-zone-autodetect=no time-zone-name=America/Los_Angeles
/system identity
set name=S2.SnoDEM
/system logging
add action=remote topics=!debug,!snmp
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=44.25.0.4
add address=44.25.1.4
/system routerboard settings
set auto-upgrade=yes
/tool bandwidth-server
set authenticate=no
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox