Code: Select all
/interface ethernet
set [ find default-name=ether1 ] comment="Ether1 - Office Trunk - VLAN 10,30,40” name=Office
set [ find default-name=ether2 ] comment="Ether2 - Gym Trunk - VLAN 10,20,30” master-port=Office name=Gym
set [ find default-name=ether3 ] comment="Ether3 - Housing - VLAN20" master-port=Office name=Houses
set [ find default-name=ether4 ] comment="Ether4 - Sign - VLAN40" master-port=Office name=Sign
set [ find default-name=ether5 ] comment=Disabled disabled=yes
set [ find default-name=ether6 ] comment=Disabled disabled=yes
set [ find default-name=ether7 ] comment="Ether7 - Configuration" l2mtu=10222 name=Direct
set [ find default-name=ether8 ] comment="Ether8 - WAN - From Cable Router" l2mtu=10220 name=Wan
set [ find default-name=sfp1 ] disabled=yes
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=Wan
/interface vlan
add interface=ether1 mtu=1504 name=VLAN10-Work vlan-id=10
add interface=ether1 mtu=1504 name=VLAN20-Housing vlan-id=20
add interface=ether1 mtu=1504 name=VLAN30-Guest vlan-id=30
add interface=ether1 mtu=1504 name=VLAN40-Sign vlan-id=40
/ip address
add address=192.168.1.1/24 interface=VLAN10-Work network=192.168.1.0
add address=10.10.20.1/24 interface=VLAN20-Housing network=10.10.20.0
add address=10.10.30.1/24 interface=VLAN30-Guest network=10.10.30.0
add address=172.16.192.1/24 interface=VLAN40-Sign network=10.10.40.0
add address=192.168.21.1/24 interface=ether7 network=192.168.21.0
/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 vlan-header=add-if-missing vlan-mode=secure
set 2 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=40 vlan-header=always-strip vlan-mode=secure
set 4 vlan-mode=secure
/interface ethernet switch vlan
add independent-learning=yes ports=Office,Gym,switch1-cpu switch=switch1 vlan-id=10
add independent-learning=yes ports=Gym,Houses,switch1-cpu switch=switch1 vlan-id=20
add independent-learning=yes ports=Office,Gym,switch1-cpu switch=switch1 vlan-id=30
add independent-learning=yes ports=Office,Sign,switch1-cpu switch=switch1 vlan-id=40
/ip pool
add name=vlan10 ranges=192.168.1.20-192.168.1.100
add name=vlan20 ranges=10.10.20.20-10.10.20.200
add name=vlan30 ranges=10.10.30.20-10.10.30.200
add name=vlan40 ranges=172.16.192.20-172.16.192.200
add name=direct ranges=192.168.21.20-192.168.21.100
/ip dhcp-server
add address-pool=direct disabled=no interface=ether7 name=direct
add address-pool=vlan10 disabled=no interface=VLAN10-Work lease-time=3d name=vlan10
add address-pool=vlan20 disabled=no interface=VLAN20-Housing lease-time=3d name=vlan20
add address-pool=vlan30 disabled=no interface=VLAN30-Guest lease-time=3d name=vlan30
add address-pool=vlan40 disabled=no interface=VLAN40-Sign lease-time=3d name=vlan40
/ip dhcp-server network
add address=10.10.20.0/24 dns-server=208.67.222.222,208.67.222.220 gateway=10.10.20.1
add address=10.10.30.0/24 dns-server=208.67.222.222,208.67.222.220 gateway=10.10.30.1
add address=172.16.192.0/24 dns-server=208.67.222.222,208.67.222.220 gateway=172.16.192.1
add address=192.168.1.0/24 dns-server=208.67.222.222,208.67.222.220 gateway=192.168.1.1
add address=192.168.21.0/24 gateway=192.168.21.1
/ip firewall nat
add action=masquerade chain=srcnat
add action=redirect chain=dstnat dst-port=53 in-interface=!Wan protocol=tcp