takoateli

VirtualAP on different lan segment?

Tue Apr 01, 2014 12:09 am

I searched the forum and Google and couldn't find out how to do it.

If I put the VirtualAP WLAN on the bridge, it gets DHCP from the bridge and the VirtualAP WLAN isn't isolated on another LAN segment. Is there some way to give the VirtualAP WLAN its own LAN segment, with its own DHCP server, and route it properly? The routing is where I seem to be failing. I can set up the VirtualAP WLAN (WLAN2) with its own address and DHCP server, but the routing fails.

Thanks!
Greg
 
rextended

Re: VirtualAP on different lan segment?

Tue Apr 01, 2014 12:31 am

Yes,
open a new terminal, run the "/export compact" command, and paste the results here on the forum.
Do not cut anything, even parts you think are not relevant.
Remove only the usernames and passwords, if there are any.
 
takoateli

Re: VirtualAP on different lan segment?

Tue Apr 01, 2014 10:06 pm

Thanks for the help. Your grammar is fine. Here's the export:

[admin@MikroTik] > export compact
# jan/02/1970 00:48:40 by RouterOS 5.26
# software id = C7CC-9RQM
#
/interface bridge
add admin-mac=D4:CA:6D:BB:89:CD auto-mac=no l2mtu=2290 name=bridge-local \
protocol-mode=rstp
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no distance=\
indoors ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=ap-bridge ssid=\
MikroTik-BB89D1 wireless-protocol=any
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
# Wireless security profiles: the default profile plus a separate "guest" profile.
# Both accept WPA-PSK as well as WPA2-PSK clients; the pre-shared keys were replaced
# with X's by the poster before pasting.
# NOTE(review): wlan1's settings earlier in this export name no security-profile, so
# it presumably uses the default one - confirm on the device.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys wpa-pre-shared-key=XXXXXXXX wpa2-pre-shared-key=\
XXXXXXXXX
add authentication-types=wpa-psk,wpa2-psk eap-methods=passthrough \
management-protection=allowed mode=dynamic-keys name=guest \
supplicant-identity="" wpa-pre-shared-key=XXXXXXXX wpa2-pre-shared-key=\
XXXXXXXXX
# Virtual AP "wlan2" (SSID Huesped) stacked on wlan1 and bound to the guest profile.
# This is the interface the thread wants on its own routed segment.
/interface wireless
add default-ap-tx-limit=50000 default-client-tx-limit=30000 disabled=no l2mtu=\
2290 mac-address=D6:CA:6D:BB:89:D2 master-interface=wlan1 name=wlan2 \
security-profile=guest ssid=Huesped wds-cost-range=0 wds-default-cost=0
/ip firewall layer7-protocol
add name=bittorrent regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\
\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\
\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add name=ares regexp="^\\x03[]Z].\?.\?\\x05\$"
add name=gnutella regexp="^(gnd[\\x01\\x02]\?.\?.\?\\x01|gnutella connect/[012]\
\\.[0-9]\\x0d\\x0a|get /uri-res/n2r\\\?urn:sha1:|get /.*user-agent: (gtk-gnu\
tella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-ty\
pe: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-\
9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[\
0-9]\?:[1-9][0-9]\?[0-9]\?[0-9]\?|gnutella.*content-type: application/x-gnut\
ella|...................\?lime)\r\
\n"
add name=gnutella2 regexp="^(gnd[\\x01\\x02]\?.\?.\?\\x01|gnutella connect/[012]\
\\.[0-9]\\x0d\\x0a|get /uri-res/n2r\\\?urn:sha1:|get /[\\x09-\\x0d -~]*user-\
agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|ge\
t /[\\x09-\\x0d -~]*content-type: application/x-gnutella-packets|giv [0-9]*:\
[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9]\
[0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?:[1-9][0-9]\?[0-9]\?[0-9]\?|gnutella[\\x\
09-\\x0d -~]*content-type: application/x-gnutella|..................lime)\r\
\n"
add name=edonkey regexp="^[\\xc5\\xd4\\xe3-\\xe5].\?.\?.\?.\?([\\x01\\x02\\x05\\\
x14\\x15\\x16\\x18\\x19\\x1a\\x1b\\x1c\\x20\\x21\\x32\\x33\\x34\\x35\\x36\\x\
38\\x40\\x41\\x42\\x43\\x46\\x47\\x48\\x49\\x4a\\x4b\\x4c\\x4d\\x4e\\x4f\\x5\
0\\x51\\x52\\x53\\x54\\x55\\x56\\x57\\x58[\\x60\\x81\\x82\\x90\\x91\\x93\\x9\
6\\x97\\x98\\x99\\x9a\\x9b\\x9c\\x9e\\xa0\\xa1\\xa2\\xa3\\xa4]|\\x59........\
........\?[ -~]|\\x96....\$)"
add name=skypeout regexp="^(\\x01.\?.\?.\?.\?.\?.\?.\?.\?\\x01|\\x02.\?.\?.\?.\?\
.\?.\?.\?.\?\\x02|\\x03.\?.\?.\?.\?.\?.\?.\?.\?\\x03|\\x04.\?.\?.\?.\?.\?.\?\
.\?.\?\\x04|\\x05.\?.\?.\?.\?.\?.\?.\?.\?\\x05|\\x06.\?.\?.\?.\?.\?.\?.\?.\?\
\\x06|\\x07.\?.\?.\?.\?.\?.\?.\?.\?\\x07|\\x08.\?.\?.\?.\?.\?.\?.\?.\?\\x08|\
\\x09.\?.\?.\?.\?.\?.\?.\?.\?\\x09|\\x0a.\?.\?.\?.\?.\?.\?.\?.\?\\x0a|\\x0b.\
\?.\?.\?.\?.\?.\?.\?.\?\\x0b|\\x0c.\?.\?.\?.\?.\?.\?.\?.\?\\x0c|\\x0d.\?.\?.\
\?.\?.\?.\?.\?.\?\\x0d|\\x0e.\?.\?.\?.\?.\?.\?.\?.\?\\x0e|\\x0f.\?.\?.\?.\?.\
\?.\?.\?.\?\\x0f|\\x10.\?.\?.\?.\?.\?.\?.\?.\?\\x10|\\x11.\?.\?.\?.\?.\?.\?.\
\?.\?\\x11|\\x12.\?.\?.\?.\?.\?.\?.\?.\?\\x12|\\x13.\?.\?.\?.\?.\?.\?.\?.\?\
\\x13|\\x14.\?.\?.\?.\?.\?.\?.\?.\?\\x14|\\x15.\?.\?.\?.\?.\?.\?.\?.\?\\x15|\
\\x16.\?.\?.\?.\?.\?.\?.\?.\?\\x16|\\x17.\?.\?.\?.\?.\?.\?.\?.\?\\x17|\\x18.\
\?.\?.\?.\?.\?.\?.\?.\?\\x18|\\x19.\?.\?.\?.\?.\?.\?.\?.\?\\x19|\\x1a.\?.\?.\
\?.\?.\?.\?.\?.\?\\x1a|\\x1b.\?.\?.\?.\?.\?.\?.\?.\?\\x1b|\\x1c.\?.\?.\?.\?.\
\?.\?.\?.\?\\x1c|\\x1d.\?.\?.\?.\?.\?.\?.\?.\?\\x1d|\\x1e.\?.\?.\?.\?.\?.\?.\
\?.\?\\x1e|\\x1f.\?.\?.\?.\?.\?.\?.\?.\?\\x1f|\\x20.\?.\?.\?.\?.\?.\?.\?.\?\
\\x20|\\x21.\?.\?.\?.\?.\?.\?.\?.\?\\x21|\\x22.\?.\?.\?.\?.\?.\?.\?.\?\\x22|\
\\x23.\?.\?.\?.\?.\?.\?.\?.\?\\x23|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|\\x25.\?\
.\?.\?.\?.\?.\?.\?.\?\\x25|\\x26.\?.\?.\?.\?.\?.\?.\?.\?\\x26|\\x27.\?.\?.\?\
.\?.\?.\?.\?.\?\\x27|\\(.\?.\?.\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?\
.\?\\)|\\*.\?.\?.\?.\?.\?.\?.\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|\\x2c.\
\?.\?.\?.\?.\?.\?.\?.\?\\x2c|\\x2d.\?.\?.\?.\?.\?.\?.\?.\?\\x2d|\\..\?.\?.\?\
.\?.\?.\?.\?.\?\\.|\\x2f.\?.\?.\?.\?.\?.\?.\?.\?\\x2f|\\x30.\?.\?.\?.\?.\?.\
\?.\?.\?\\x30|\\x31.\?.\?.\?.\?.\?.\?.\?.\?\\x31|\\x32.\?.\?.\?.\?.\?.\?.\?.\
\?\\x32|\\x33.\?.\?.\?.\?.\?.\?.\?.\?\\x33|\\x34.\?.\?.\?.\?.\?.\?.\?.\?\\x3\
4|\\x35.\?.\?.\?.\?.\?.\?.\?.\?\\x35|\\x36.\?.\?.\?.\?.\?.\?.\?.\?\\x36|\\x3\
7.\?.\?.\?.\?.\?.\?.\?.\?\\x37|\\x38.\?.\?.\?.\?.\?.\?.\?.\?\\x38|\\x39.\?.\
\?.\?.\?.\?.\?.\?.\?\\x39|\\x3a.\?.\?.\?.\?.\?.\?.\?.\?\\x3a|\\x3b.\?.\?.\?.\
\?.\?.\?.\?.\?\\x3b|\\x3c.\?.\?.\?.\?.\?.\?.\?.\?\\x3c|\\x3d.\?.\?.\?.\?.\?.\
\?.\?.\?\\x3d|\\x3e.\?.\?.\?.\?.\?.\?.\?.\?\\x3e|\\\?.\?.\?.\?.\?.\?.\?.\?.\
\?\\\?|\\x40.\?.\?.\?.\?.\?.\?.\?.\?\\x40|\\x41.\?.\?.\?.\?.\?.\?.\?.\?\\x41\
|\\x42.\?.\?.\?.\?.\?.\?.\?.\?\\x42|\\x43.\?.\?.\?.\?.\?.\?.\?.\?\\x43|\\x44\
.\?.\?.\?.\?.\?.\?.\?.\?\\x44|\\x45.\?.\?.\?.\?.\?.\?.\?.\?\\x45|\\x46.\?.\?\
.\?.\?.\?.\?.\?.\?\\x46|\\x47.\?.\?.\?.\?.\?.\?.\?.\?\\x47|\\x48.\?.\?.\?.\?\
.\?.\?.\?.\?\\x48|\\x49.\?.\?.\?.\?.\?.\?.\?.\?\\x49|\\x4a.\?.\?.\?.\?.\?.\?\
.\?.\?\\x4a|\\x4b.\?.\?.\?.\?.\?.\?.\?.\?\\x4b|\\x4c.\?.\?.\?.\?.\?.\?.\?.\?\
\\x4c|\\x4d.\?.\?.\?.\?.\?.\?.\?.\?\\x4d|\\x4e.\?.\?.\?.\?.\?.\?.\?.\?\\x4e|\
\\x4f.\?.\?.\?.\?.\?.\?.\?.\?\\x4f|\\x50.\?.\?.\?.\?.\?.\?.\?.\?\\x50|\\x51.\
\?.\?.\?.\?.\?.\?.\?.\?\\x51|\\x52.\?.\?.\?.\?.\?.\?.\?.\?\\x52|\\x53.\?.\?.\
\?.\?.\?.\?.\?.\?\\x53|\\x54.\?.\?.\?.\?.\?.\?.\?.\?\\x54|\\x55.\?.\?.\?.\?.\
\?.\?.\?.\?\\x55|\\x56.\?.\?.\?.\?.\?.\?.\?.\?\\x56|\\x57.\?.\?.\?.\?.\?.\?.\
\?.\?\\x57|\\x58.\?.\?.\?.\?.\?.\?.\?.\?\\x58|\\x59.\?.\?.\?.\?.\?.\?.\?.\?\
\\x59|\\x5a.\?.\?.\?.\?.\?.\?.\?.\?\\x5a|\\[.\?.\?.\?.\?.\?.\?.\?.\?\\[|\\\\\
.\?.\?.\?.\?.\?.\?.\?.\?\\\\|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\^.\?.\?.\?.\?.\
\?.\?.\?.\?\\^|\\x5f.\?.\?.\?.\?.\?.\?.\?.\?\\x5f|\\x60.\?.\?.\?.\?.\?.\?.\?\
.\?\\x60|\\x61.\?.\?.\?.\?.\?.\?.\?.\?\\x61|\\x62.\?.\?.\?.\?.\?.\?.\?.\?\\x\
62|\\x63.\?.\?.\?.\?.\?.\?.\?.\?\\x63|\\x64.\?.\?.\?.\?.\?.\?.\?.\?\\x64|\\x\
65.\?.\?.\?.\?.\?.\?.\?.\?\\x65|\\x66.\?.\?.\?.\?.\?.\?.\?.\?\\x66|\\x67.\?.\
\?.\?.\?.\?.\?.\?.\?\\x67|\\x68.\?.\?.\?.\?.\?.\?.\?.\?\\x68|\\x69.\?.\?.\?.\
\?.\?.\?.\?.\?\\x69|\\x6a.\?.\?.\?.\?.\?.\?.\?.\?\\x6a|\\x6b.\?.\?.\?.\?.\?.\
\?.\?.\?\\x6b|\\x6c.\?.\?.\?.\?.\?.\?.\?.\?\\x6c|\\x6d.\?.\?.\?.\?.\?.\?.\?.\
\?\\x6d|\\x6e.\?.\?.\?.\?.\?.\?.\?.\?\\x6e|\\x6f.\?.\?.\?.\?.\?.\?.\?.\?\\x6\
f|\\x70.\?.\?.\?.\?.\?.\?.\?.\?\\x70|\\x71.\?.\?.\?.\?.\?.\?.\?.\?\\x71|\\x7\
2.\?.\?.\?.\?.\?.\?.\?.\?\\x72|\\x73.\?.\?.\?.\?.\?.\?.\?.\?\\x73|\\x74.\?.\
\?.\?.\?.\?.\?.\?.\?\\x74|\\x75.\?.\?.\?.\?.\?.\?.\?.\?\\x75|\\x76.\?.\?.\?.\
\?.\?.\?.\?.\?\\x76|\\x77.\?.\?.\?.\?.\?.\?.\?.\?\\x77|\\x78.\?.\?.\?.\?.\?.\
\?.\?.\?\\x78|\\x79.\?.\?.\?.\?.\?.\?.\?.\?\\x79|\\x7a.\?.\?.\?.\?.\?.\?.\?.\
\?\\x7a|\\{.\?.\?.\?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?\
.\?.\?.\?.\?.\?.\?.\?\\}|\\x7e.\?.\?.\?.\?.\?.\?.\?.\?\\x7e|\\x7f.\?.\?.\?.\
\?.\?.\?.\?.\?\\x7f|\\x80.\?.\?.\?.\?.\?.\?.\?.\?\\x80|\\x81.\?.\?.\?.\?.\?.\
\?.\?.\?\\x81|\\x82.\?.\?.\?.\?.\?.\?.\?.\?\\x82|\\x83.\?.\?.\?.\?.\?.\?.\?.\
\?\\x83|\\x84.\?.\?.\?.\?.\?.\?.\?.\?\\x84|\\x85.\?.\?.\?.\?.\?.\?.\?.\?\\x8\
5|\\x86.\?.\?.\?.\?.\?.\?.\?.\?\\x86|\\x87.\?.\?.\?.\?.\?.\?.\?.\?\\x87|\\x8\
8.\?.\?.\?.\?.\?.\?.\?.\?\\x88|\\x89.\?.\?.\?.\?.\?.\?.\?.\?\\x89|\\x8a.\?.\
\?.\?.\?.\?.\?.\?.\?\\x8a|\\x8b.\?.\?.\?.\?.\?.\?.\?.\?\\x8b|\\x8c.\?.\?.\?.\
\?.\?.\?.\?.\?\\x8c|\\x8d.\?.\?.\?.\?.\?.\?.\?.\?\\x8d|\\x8e.\?.\?.\?.\?.\?.\
\?.\?.\?\\x8e|\\x8f.\?.\?.\?.\?.\?.\?.\?.\?\\x8f|\\x90.\?.\?.\?.\?.\?.\?.\?.\
\?\\x90|\\x91.\?.\?.\?.\?.\?.\?.\?.\?\\x91|\\x92.\?.\?.\?.\?.\?.\?.\?.\?\\x9\
2|\\x93.\?.\?.\?.\?.\?.\?.\?.\?\\x93|\\x94.\?.\?.\?.\?.\?.\?.\?.\?\\x94|\\x9\
5.\?.\?.\?.\?.\?.\?.\?.\?\\x95|\\x96.\?.\?.\?.\?.\?.\?.\?.\?\\x96|\\x97.\?.\
\?.\?.\?.\?.\?.\?.\?\\x97|\\x98.\?.\?.\?.\?.\?.\?.\?.\?\\x98|\\x99.\?.\?.\?.\
\?.\?.\?.\?.\?\\x99|\\x9a.\?.\?.\?.\?.\?.\?.\?.\?\\x9a|\\x9b.\?.\?.\?.\?.\?.\
\?.\?.\?\\x9b|\\x9c.\?.\?.\?.\?.\?.\?.\?.\?\\x9c|\\x9d.\?.\?.\?.\?.\?.\?.\?.\
\?\\x9d|\\x9e.\?.\?.\?.\?.\?.\?.\?.\?\\x9e|\\x9f.\?.\?.\?.\?.\?.\?.\?.\?\\x9\
f|\\xa0.\?.\?.\?.\?.\?.\?.\?.\?\\xa0|\\xa1.\?.\?.\?.\?.\?.\?.\?.\?\\xa1|\\xa\
2.\?.\?.\?.\?.\?.\?.\?.\?\\xa2|\\xa3.\?.\?.\?.\?.\?.\?.\?.\?\\xa3|\\xa4.\?.\
\?.\?.\?.\?.\?.\?.\?\\xa4|\\xa5.\?.\?.\?.\?.\?.\?.\?.\?\\xa5|\\xa6.\?.\?.\?.\
\?.\?.\?.\?.\?\\xa6|\\xa7.\?.\?.\?.\?.\?.\?.\?.\?\\xa7|\\xa8.\?.\?.\?.\?.\?.\
\?.\?.\?\\xa8|\\xa9.\?.\?.\?.\?.\?.\?.\?.\?\\xa9|\\xaa.\?.\?.\?.\?.\?.\?.\?.\
\?\\xaa|\\xab.\?.\?.\?.\?.\?.\?.\?.\?\\xab|\\xac.\?.\?.\?.\?.\?.\?.\?.\?\\xa\
c|\\xad.\?.\?.\?.\?.\?.\?.\?.\?\\xad|\\xae.\?.\?.\?.\?.\?.\?.\?.\?\\xae|\\xa\
f.\?.\?.\?.\?.\?.\?.\?.\?\\xaf|\\xb0.\?.\?.\?.\?.\?.\?.\?.\?\\xb0|\\xb1.\?.\
\?.\?.\?.\?.\?.\?.\?\\xb1|\\xb2.\?.\?.\?.\?.\?.\?.\?.\?\\xb2|\\xb3.\?.\?.\?.\
\?.\?.\?.\?.\?\\xb3|\\xb4.\?.\?.\?.\?.\?.\?.\?.\?\\xb4|\\xb5.\?.\?.\?.\?.\?.\
\?.\?.\?\\xb5|\\xb6.\?.\?.\?.\?.\?.\?.\?.\?\\xb6|\\xb7.\?.\?.\?.\?.\?.\?.\?.\
\?\\xb7|\\xb8.\?.\?.\?.\?.\?.\?.\?.\?\\xb8|\\xb9.\?.\?.\?.\?.\?.\?.\?.\?\\xb\
9|\\xba.\?.\?.\?.\?.\?.\?.\?.\?\\xba|\\xbb.\?.\?.\?.\?.\?.\?.\?.\?\\xbb|\\xb\
c.\?.\?.\?.\?.\?.\?.\?.\?\\xbc|\\xbd.\?.\?.\?.\?.\?.\?.\?.\?\\xbd|\\xbe.\?.\
\?.\?.\?.\?.\?.\?.\?\\xbe|\\xbf.\?.\?.\?.\?.\?.\?.\?.\?\\xbf|\\xc0.\?.\?.\?.\
\?.\?.\?.\?.\?\\xc0|\\xc1.\?.\?.\?.\?.\?.\?.\?.\?\\xc1|\\xc2.\?.\?.\?.\?.\?.\
\?.\?.\?\\xc2|\\xc3.\?.\?.\?.\?.\?.\?.\?.\?\\xc3|\\xc4.\?.\?.\?.\?.\?.\?.\?.\
\?\\xc4|\\xc5.\?.\?.\?.\?.\?.\?.\?.\?\\xc5|\\xc6.\?.\?.\?.\?.\?.\?.\?.\?\\xc\
6|\\xc7.\?.\?.\?.\?.\?.\?.\?.\?\\xc7|\\xc8.\?.\?.\?.\?.\?.\?.\?.\?\\xc8|\\xc\
9.\?.\?.\?.\?.\?.\?.\?.\?\\xc9|\\xca.\?.\?.\?.\?.\?.\?.\?.\?\\xca|\\xcb.\?.\
\?.\?.\?.\?.\?.\?.\?\\xcb|\\xcc.\?.\?.\?.\?.\?.\?.\?.\?\\xcc|\\xcd.\?.\?.\?.\
\?.\?.\?.\?.\?\\xcd|\\xce.\?.\?.\?.\?.\?.\?.\?.\?\\xce|\\xcf.\?.\?.\?.\?.\?.\
\?.\?.\?\\xcf|\\xd0.\?.\?.\?.\?.\?.\?.\?.\?\\xd0|\\xd1.\?.\?.\?.\?.\?.\?.\?.\
\?\\xd1|\\xd2.\?.\?.\?.\?.\?.\?.\?.\?\\xd2|\\xd3.\?.\?.\?.\?.\?.\?.\?.\?\\xd\
3|\\xd4.\?.\?.\?.\?.\?.\?.\?.\?\\xd4|\\xd5.\?.\?.\?.\?.\?.\?.\?.\?\\xd5|\\xd\
6.\?.\?.\?.\?.\?.\?.\?.\?\\xd6|\\xd7.\?.\?.\?.\?.\?.\?.\?.\?\\xd7|\\xd8.\?.\
\?.\?.\?.\?.\?.\?.\?\\xd8|\\xd9.\?.\?.\?.\?.\?.\?.\?.\?\\xd9|\\xda.\?.\?.\?.\
\?.\?.\?.\?.\?\\xda|\\xdb.\?.\?.\?.\?.\?.\?.\?.\?\\xdb|\\xdc.\?.\?.\?.\?.\?.\
\?.\?.\?\\xdc|\\xdd.\?.\?.\?.\?.\?.\?.\?.\?\\xdd|\\xde.\?.\?.\?.\?.\?.\?.\?.\
\?\\xde|\\xdf.\?.\?.\?.\?.\?.\?.\?.\?\\xdf|\\xe0.\?.\?.\?.\?.\?.\?.\?.\?\\xe\
0|\\xe1.\?.\?.\?.\?.\?.\?.\?.\?\\xe1|\\xe2.\?.\?.\?.\?.\?.\?.\?.\?\\xe2|\\xe\
3.\?.\?.\?.\?.\?.\?.\?.\?\\xe3|\\xe4.\?.\?.\?.\?.\?.\?.\?.\?\\xe4|\\xe5.\?.\
\?.\?.\?.\?.\?.\?.\?\\xe5|\\xe6.\?.\?.\?.\?.\?.\?.\?.\?\\xe6|\\xe7.\?.\?.\?.\
\?.\?.\?.\?.\?\\xe7|\\xe8.\?.\?.\?.\?.\?.\?.\?.\?\\xe8|\\xe9.\?.\?.\?.\?.\?.\
\?.\?.\?\\xe9|\\xea.\?.\?.\?.\?.\?.\?.\?.\?\\xea|\\xeb.\?.\?.\?.\?.\?.\?.\?.\
\?\\xeb|\\xec.\?.\?.\?.\?.\?.\?.\?.\?\\xec|\\xed.\?.\?.\?.\?.\?.\?.\?.\?\\xe\
d|\\xee.\?.\?.\?.\?.\?.\?.\?.\?\\xee|\\xef.\?.\?.\?.\?.\?.\?.\?.\?\\xef|\\xf\
0.\?.\?.\?.\?.\?.\?.\?.\?\\xf0|\\xf1.\?.\?.\?.\?.\?.\?.\?.\?\\xf1|\\xf2.\?.\
\?.\?.\?.\?.\?.\?.\?\\xf2|\\xf3.\?.\?.\?.\?.\?.\?.\?.\?\\xf3|\\xf4.\?.\?.\?.\
\?.\?.\?.\?.\?\\xf4|\\xf5.\?.\?.\?.\?.\?.\?.\?.\?\\xf5|\\xf6.\?.\?.\?.\?.\?.\
\?.\?.\?\\xf6|\\xf7.\?.\?.\?.\?.\?.\?.\?.\?\\xf7|\\xf8.\?.\?.\?.\?.\?.\?.\?.\
\?\\xf8|\\xf9.\?.\?.\?.\?.\?.\?.\?.\?\\xf9|\\xfa.\?.\?.\?.\?.\?.\?.\?.\?\\xf\
a|\\xfb.\?.\?.\?.\?.\?.\?.\?.\?\\xfb|\\xfc.\?.\?.\?.\?.\?.\?.\?.\?\\xfc|\\xf\
d.\?.\?.\?.\?.\?.\?.\?.\?\\xfd|\\xfe.\?.\?.\?.\?.\?.\?.\?.\?\\xfe|\\xff.\?.\
\?.\?.\?.\?.\?.\?.\?\\xff)"
add name=skypetoskype regexp="^..\\x02............."
add name=fasttrack regexp="^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ -~\
]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: kaza\
a|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0\
-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\?[0-9]\?[0-9]\?"
add name=goboogy regexp="<peerplat>|^get /getfilebyhash\\.cgi\\\?|^get /queue_re\
gister\\.cgi\\\?|^get /getupdowninfo\\.cgi\\\?"
add name=soribada regexp="^GETMP3\r\
\nFilename|^\01.\?.\?.\?(Q:\\+|Q2:)|^\10[\14-\16]\10[\15-\17].\?.\?.\?.\?\$"
add name=rdp regexp=rdpdr.*cliprdr.*rdpsnd
add name=cvs regexp="^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST\
\n"
add name=nbns regexp="\01\10\01|\\)\10\01\01|0\10\01"
add name=shoutcast regexp=\
"icy [1-5][0-9][0-9] [\t-\r -~]*(content-type:audio|icy-)"
add name=dns regexp="^.\?.\?.\?.\?[\01\02].\?.\?.\?.\?.\?.\?[\01-\?][a-z0-9][\01\
-\?a-z]*[\02-\06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\01-\10\1C][\01\03\
\04\FF]"
add name=quake-halflife regexp="^\FF\FF\FF\FFget(info|challenge)"
add name=poco regexp="^\80\94\
\n\01....\1F\9E"
add name=ciscovpn regexp="^\01\F4\01\F4"
add name=x11 regexp="^[lb].\?\0B"
add name=xboxlive regexp="^X\80........\F3|^\06XN"
add name=applejuice regexp="^ajprot\r\
\n"
add name=zmaap regexp="^\1B\D7;H[\01\02]\01\?\01"
add name=live365 regexp=membername.*session.*player
add name=rlogin regexp="^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]\?[0-9]\?[0-9]\?00"
add name=http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*(conne\
ction:|content-type:|content-length:|date:)|post [\t-\r -~]* http/[01]\\.[01\
9]"
add name=sip regexp="^(invite|register|cancel) sip[\t-\r -~]*sip/[0-2]\\.[0-9]"
add name=pop3 regexp="^(\\+ok |-err )"
add name=smb regexp="\FFsmb[r%]"
add name=quake1 regexp="^\80\0C\01quake\03"
add name=lpd regexp="^(\01[!-~]+|\02[!-~]+\
\n.[\01\02\03][\01-\
\n -~]*|[\03\04][!-~]+[\t-\r]+[a-z][\t-\r -~]*|\05[!-~]+[\t-\r]+([a-z][!-~]*\
[\t-\r]+[1-9][0-9]\?[0-9]\?|root[\t-\r]+[!-~]+).*)\
\n\$"
add name=mute regexp="^(Public|AES)Key: [0-9a-f]*\
\nEnd(Public|AES)Key\
\n\$"
add name=ssh regexp="^ssh-[12]\\.[0-9]"
add name=jabber regexp="<stream:stream[\t-\r ][ -~]*[\t-\r ]xmlns=['\"]jabber"
add name=ncp regexp="^(dmdt.*\01.*(\"\"|\11\11|uu)|tncp.*33)"
add name=tls regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
add name=directconnect regexp="^(\\\$mynick |\\\$lock |\\\$key )"
add name=netbios regexp="\81.\?.\?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P]\
[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][\
A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A\
-P]"
add name=tftp regexp="^(\01|\02)[ -~]*(netascii|octet|mail)"
add name=subspace regexp="^\01....\11\10........\01\$"
add name=hotline regexp="^....................TRTPHOTL\01\02"
add name=doom3 regexp="^\FF\FFchallenge"
add name=ftp regexp="^220[\t-\r -~]*ftp"
add name=kugoo regexp="^1..\8E"
add name=tsp regexp="^[\01-\13\16-\$]\01.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?[ -~]+"
add name=battlefield1942 regexp="^\01\11\10\\|\F8\02\10@\06"
add name=ssdp regexp="^notify[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~]*ssdp:(alive\
|byebye)|^m-search[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~]*ssdp:discover"
add name=imap regexp="^(\\* ok|a[0-9]+ noop)"
add name=qq regexp="^.\?\02.+\03\$"
add name=100bao regexp="^\01\01\05\
\n"
add name=aim regexp=\
"^(\\*[\01\02].*\03\0B|\\*\01.\?.\?.\?.\?\01)|flapon|toc_signon.*0x"
add name=unknown regexp=.
add name=msn-filetransfer regexp=\
"^(ver [ -~]*msnftp\r\
\nver msnftp\r\
\nusr|method msnmsgr:)"
add name=yahoo regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80"
add name=validcertssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B).*(t\
hawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust roo\
t|entrust\\.net limited)"
add name=ntp regexp="^([\13\1B#\D3\DB\E3]|[\14\1C\$].......\?.\?.\?.\?.\?.\?.\?.\
\?.\?[\C6-\FF])"
add name=gnucleuslan regexp=\
"gnuclear connect/[\t-\r -~]*user-agent: gnucleus [\t-\r -~]*lan:"
add name=vnc regexp="^rfb 00[1-9]\\.00[0-9]\
\n\$"
add name=bgp regexp=\
"^\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF..\?\01[\03\04]"
add name=tesla regexp="\03\9A\89\"111\\.00 Beta |\E2<i\1E\1C\E9"
add name=openft regexp="x-openftalias: [-)(0-9a-z ~.]"
add name=h323 regexp=\
"^\03..\?\08...\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\05"
add name=finger regexp=\
"^[a-z][a-z0-9\\-_]+|login: [\t-\r -~]* name: [\t-\r -~]* Directory:"
add name=ident regexp="^[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?[\t-\r]*,[\t-\r]*[1-9][\
0-9]\?[0-9]\?[0-9]\?[0-9]\?(\r\
\n|[\r\
\n])\?\$"
add name=gkrellm regexp="^gkrellm [23].[0-9].[0-9]\
\n\$"
add name=hddtemp regexp=\
"^\\|/dev/[a-z][a-z][a-z]\\|[0-9a-z]*\\|[0-9][0-9]\\|[cfk]\\|"
add name=socks regexp=\
"\05[\01-\08]*\05[\01-\08]\?.*\05[\01-\03][\01\03].*\05[\01-\08]\?[\01\03]"
add name=biff regexp="^[a-z][a-z0-9]+@[1-9][0-9]+\$"
add name=dhcp regexp="^[\01\02][\01- ]\06.*c\82sc"
add name=smtp regexp="^220[\t-\r -~]* (e\?smtp|simple mail)"
add name=ipp regexp=ipp://
add name=msnmessenger regexp="ver [0-9]+ msnp[1-9][0-9]\? [\\x09-\\x0d -~]*cvr0\
\\x0d\\x0a\$|usr 1 [!-~]+ [0-9. ]+\\x0d\\x0a\$|ans 1 [!-~]+ [0-9. ]+\\x0d\\x\
0a\$"
add name=irc regexp="^(nick[\t-\r -~]*user[\t-\r -~]*:|user[\t-\r -~]*:[\02-\r -\
~]*nick[\t-\r -~]*\r\
\n)"
add name=gopher regexp="^[\t-\r]*[1-9,+tgi][\t-\r -~]*\t[\t-\r -~]*\t[a-z0-9.]*\
\\.[a-z][a-z].\?.\?\t[1-9]"
add name=telnet regexp="^\FF[\FB-\FE].\FF[\FB-\FE].\FF[\FB-\FE]"
add name=snmp regexp="^\02\01\04.+([\A0-\A3]\02[\01-\04].\?.\?.\?.\?\02\01.\?\02\
\01.\?0|\A4\06.+@\04.\?.\?.\?.\?\02\01.\?\02\01.\?C)"
add name=nntp regexp="^(20[01][\t-\r -~]*AUTHINFO USER|20[01][\t-\r -~]*news)"
add name=aimwebcontent regexp=user-agent:aim/
add name=rtsp regexp="rtsp/1.0 200 ok"
add name=counterstrike-source regexp="^\FF\FF\FF\FF.*cstrikeCounter-Strike"
add name=halflife2-deathmatch regexp="^\FF\FF\FF\FF.*hl2mpDeathmatch"
add name=freenet regexp="^\01[\08\t][\03\04]"
add name=battlefield2 regexp="^(\11 \01...\?\11|\FE\FD.\?.\?.\?.\?.\?.\?(\14\01\
\06|\FF\FF\FF))|[]\01].\?battlefield2"
add name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]\?[0-9]\?[0-9]\?[0-9\
]\? \"[\t-\r -~]+\" ([0-9]|10)|1(send|get)[!-~]+ \"[\t-\r -~]+\")"
add name=soulseek regexp="^(\05..\?|.\01.[ -~]+\01F..\?.\?.\?.\?.\?.\?.\?)\$"
add name=xunlei regexp="^[()]...\?.\?.\?(reg|get|query)"
add name=ssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
add name=citrix regexp="2&\85\92X"
add name=whois regexp="^[ !-~]+\r\
\n\$"
add name=dayofdefeat-source regexp="^\FF\FF\FF\FF.*dodDay of Defeat"
add name=teamspeak regexp="^\F4\BE\03.*teamspeak"
add name=worldofwarcraft regexp="^\06\EC\01"
add name=ventrilo regexp="^..\?v\\\$\CF"
add name=http-rtsp regexp="^(get[\t-\r -~]* Accept: application/x-rtsp-tunnelled\
|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*a=control:rtsp://)"
add name=thecircle regexp=\
"^t\03ni.\?[\01-\06]\?t[\01-\05]s[\
\n\0B](glob|who are you\$|query data)"
add name=uucp regexp="^\10here="
add name=pcanywhere regexp="^(nq|st)\$"
add name=subversion regexp="^\\( success \\( 1 2 \\("
add name=imesh regexp="^(post[\t-\r -~]*<PasswordHash>..........................\
......</PasswordHash><ClientVer>|4\80\?\r\?\FC\FF\04|get[\t-\r -~]*Host: ims\
h\\.download-prod\\.musicnet\\.com|\02(\01|\02)\83.\?.\?.\?.\?.\?.\?.\?.\?.\
\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\02(\01|\02)\83)"
add name=cimd regexp="\02[0-4][0-9]:[0-9]+.*\03\$"
add name=mohaa regexp="^\FF\FF\FF\FFgetstatus\
\n"
add name=stun regexp="^[\01\02]................\?\$"
add name=tor regexp=TOR1.*<identity>
add name=radmin regexp="^\01\01(\08\08|\1B\1B)\$"
add name=unset regexp=.
add name=chikka regexp="^CTPv1.[123] Kamusta.*\r\
\n\$"
add name=replaytv-ivs regexp="^(get /ivs-IVSGetFileChunk|http/(0\\.9|1\\.0|1\\.1\
) [1-5][0-9][0-9] [\t-\r -~]*#####REPLAY_CHUNK_START#####)"
add name=armagetron regexp=YCLC_E|CYEL
add name=video_http regexp="http/(0\\\\.9|1\\\\.0|1\\\\.1)[\\\\x20][1-5][0-9][0-\
9].*[\\\\x09-\\\\x0d].*[\\\\x09-\\\\x0d]content-type:.video/"
add name=bittorrent_announce regexp=^get.+announce.
add name=torrent-wwws regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|entert\
ane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|m\
eganova|fulldls|btbot|fenopy|gpirate|commonbits|nyaatorrents).*\$"
add name=torrent-dns regexp="^.+(torrent|thepiratebay|isohunt|entertane|demonoid\
|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|full\
dls|btbot|fenopy|gpirate|commonbits|nyaatorrents).*\$"
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
# Address pools. guestpool and dhcp_pool1 overlap (both cover 192.168.1.10-192.168.1.20),
# and no DHCP server in this export references guestpool.
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.30
add name=guestpool ranges=192.168.1.10-192.168.1.20
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.20
# DHCP servers: "default" serves the LAN bridge, "dhcp1" serves the guest virtual AP.
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local lease-time=15m \
name=default
# NOTE(review): dhcp1 has relay=192.168.1.1 set. With a relay address configured the
# server presumably answers only requests forwarded by that relay, not clients that
# are directly attached to wlan2 - confirm; the setting looks unintended here.
add address-pool=dhcp_pool1 disabled=no interface=wlan2 lease-time=15m name=\
dhcp1 relay=192.168.1.1
/queue tree
add max-limit=256k name=Upload parent=ether1-gateway
add max-limit=1M name=Download parent=bridge-local
/queue type
add kind=pcq name=Download pcq-classifier=dst-address
add kind=pcq name=Upload pcq-classifier=src-address
/queue tree
add name=up_p1 packet-mark=p1 parent=Upload priority=1 queue=Upload
add limit-at=40k max-limit=1M name=up_p2 packet-mark=p2 parent=Upload priority=\
2 queue=Upload
add limit-at=40k max-limit=1M name=up_p3 packet-mark=p3 parent=Upload priority=\
3 queue=Upload
add limit-at=40k max-limit=500k name=up_p4 packet-mark=p4 parent=Upload \
priority=4 queue=Upload
add limit-at=40k max-limit=400k name=up_p5 packet-mark=p5 parent=Upload \
priority=5 queue=Upload
add limit-at=30k max-limit=300k name=up_p6 packet-mark=p6 parent=Upload \
priority=6 queue=Upload
add limit-at=30k max-limit=200k name=up_p7 packet-mark=p7 parent=Upload \
priority=7 queue=Upload
add max-limit=20k name=up_p8 packet-mark=p8 parent=Upload queue=Upload
add name=down_p1 packet-mark=p1 parent=Download priority=1 queue=Download
add limit-at=100k max-limit=5M name=down_p2 packet-mark=p2 parent=Download \
priority=2 queue=Download
add limit-at=100k max-limit=5M name=down_p3 packet-mark=p3 parent=Download \
priority=3 queue=Download
add limit-at=100k max-limit=2M name=down_p4 packet-mark=p4 parent=Download \
priority=4 queue=Download
add limit-at=100k max-limit=2M name=down_p5 packet-mark=p5 parent=Download \
priority=5 queue=Download
add limit-at=100k max-limit=1500k name=down_p6 packet-mark=p6 parent=Download \
priority=6 queue=Download
add limit-at=100k max-limit=1M name=down_p7 packet-mark=p7 parent=Download \
priority=7 queue=Download
add limit-at=100k max-limit=500k name=down_p8 packet-mark=p8 parent=Download \
queue=Download
add max-limit=50k name=xdown_p2p packet-mark=p2p parent=Download queue=Download
add max-limit=5k name=xup_p2p packet-mark=p2p parent=Upload queue=Upload
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
# Interface addresses.
/ip address
# NOTE(review): the LAN address sits on wlan1, which this export also adds as a port
# of bridge-local; on a bridged setup the address normally belongs on the bridge
# itself - confirm.
add address=192.168.88.1/24 comment="default configuration" interface=wlan1
add address=10.58.61.242/32 interface=ether1-gateway network=10.58.61.241
# 192.168.1.0/24 is the network address of the guest subnet, not a host address.
# The DHCP network below hands out 192.168.1.1 as gateway, but no interface in this
# export holds 192.168.1.1, so guest clients have no reachable gateway.
add address=192.168.1.0/24 interface=wlan2
# Options handed to DHCP clients per subnet (gateway and public resolvers).
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=208.67.220.220,8.8.8.8 gateway=\
192.168.1.1
add address=192.168.88.0/24 comment="default configuration" dns-server=\
208.67.220.220,8.8.8.8 gateway=192.168.88.1
# allow-remote-requests=yes makes the router answer DNS queries itself. The input
# chain below only drops traffic arriving on ether1-gateway, so clients on every
# other interface, wlan2 included, can use the router as a resolver.
/ip dns
set allow-remote-requests=yes servers=208.67.220.220,8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
# Filter rules. Rules without action= use the default action (accept), and a chain
# with no matching rule also accepts.
# input: the only drop is for ether1-gateway, so the router's own services stay
# reachable from wlan2 as well as from the LAN.
# forward: nothing separates wlan2 from the LAN; once routing works, guest clients
# can open connections to 192.168.88.0/24 unless a drop rule is added.
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=\
invalid
/ip firewall mangle
add action=mark-connection chain=forward comment=Skype-to-skype \
layer7-protocol=skypetoskype new-connection-mark=Skype
add action=mark-connection chain=forward comment=SkypeOut layer7-protocol=\
skypeout new-connection-mark=Skype
add action=mark-packet chain=forward comment="Skype to p1" connection-mark=\
Skype new-packet-mark=p1 passthrough=no
add action=mark-packet chain=forward comment="Skype to p1" connection-mark=\
Skype new-packet-mark=p1 passthrough=no
add action=mark-connection chain=forward comment=\
"VOIP - SIP - Set for p1 with NO PASSTHROUGH" new-connection-mark=voip \
port=5060-5090 protocol=tcp src-address-list=192.168.88.1/24
add action=mark-connection chain=forward comment=\
"VOIP -L7 SIP - Set for p1 with NO PASSTHROUGH" layer7-protocol=sip \
new-connection-mark=voip src-address-list=192.168.88.1/24
add action=mark-connection chain=forward comment=\
"VOIP - SIP - Set for p1 with NO PASSTHROUGH" new-connection-mark=voip \
port=5060-5090 protocol=udp src-address-list=192.168.88.1/24
add action=mark-connection chain=forward comment=\
"VOIP - mark DSCP 46 with voip connection mark" dscp=46 \
new-connection-mark=voip src-address-list=192.168.88.1/24
add action=mark-packet chain=forward comment=\
"VOIP - SIP - Set for p1 with NO PASSTHROUGH" connection-mark=voip \
new-packet-mark=p1 passthrough=no
add action=mark-connection chain=forward comment="This captures some streaming v\
ideo, such as most google video, cnn and some others" layer7-protocol=\
video_http new-connection-mark=video
add action=mark-connection chain=forward comment=\
"This will match Hulu and similar streams - p6 NO PASSTHROUGH" \
new-connection-mark=video port=1935 protocol=tcp
add action=mark-connection chain=forward comment="This will match the ms-streami\
ng protocol used by several online tv stations - p6 NO PASSTHROUGH" \
new-connection-mark=video port=1755 protocol=tcp
add action=mark-connection chain=forward comment="This will match the RTSP strea\
ming protocol used by several online tv stations - p5 NO PASSTHROUGH" \
new-connection-mark=video port=554 protocol=tcp
add action=mark-packet chain=forward comment="Pass video to p6" \
connection-mark=video new-packet-mark=p4 passthrough=no
add action=mark-packet chain=forward comment="NTP is set at p1. It does not take\
\_much bandwidth, so nearly any priority above 3 or so should be ok" \
new-packet-mark=p1 passthrough=no port=123 protocol=udp
add action=mark-connection chain=forward comment="All Mail Ports" \
new-connection-mark=Mail port=995,143,993,25,110,587,465 protocol=tcp \
src-address-list=192.168.88.1/24
add action=mark-packet chain=forward comment="Set Mail Packets to p2" \
connection-mark=Mail new-packet-mark=p2 passthrough=no
add action=mark-connection chain=forward comment="Mark p2p connections first" \
new-connection-mark=p2p_conn p2p=all-p2p
add action=mark-connection chain=forward comment=\
"Mark BitTorrent Announce Connections p2p_conn" disabled=yes \
layer7-protocol=bittorrent_announce new-connection-mark=p2p_conn
add action=mark-connection chain=forward comment=\
"Mark BitTorrent Connections p2p_conn" layer7-protocol=bittorrent \
new-connection-mark=p2p_conn
add action=mark-connection chain=forward comment=\
"Mark Gnutella Connections p2p_conn" layer7-protocol=gnutella \
new-connection-mark=p2p_conn
add action=mark-connection chain=forward comment=\
"Mark Gnutella2 Connections p2p_conn" layer7-protocol=gnutella2 \
new-connection-mark=p2p_conn
add action=mark-packet chain=forward comment=\
"Any identifiable P2P is set at p8 with NO PASSTHROUGH." connection-mark=\
p2p_conn new-packet-mark=p2p passthrough=no
add action=mark-packet chain=forward comment=\
"NNTP is set at p7, NO PASSTHROUGH" new-packet-mark=p7 passthrough=no port=\
119 protocol=tcp
add action=mark-packet chain=forward comment=\
"NNTP - Alternate port - is set at p7, NO PASSTHROUGH" new-packet-mark=p7 \
passthrough=no port=433 protocol=tcp
add action=mark-packet chain=forward comment="SNMP set at p4 NO PASSTHROUGH" \
new-packet-mark=p4 passthrough=no port=161 protocol=udp
add action=mark-packet chain=forward comment=\
"IPSEC-ESP - Set for p3 with NO PASSTHROUGH" new-packet-mark=p3 \
passthrough=no protocol=ipsec-esp
add action=mark-packet chain=forward comment=\
"IPSEC-AH - Set for p3 with NO PASSTHROUGH" new-packet-mark=p3 passthrough=\
no protocol=ipsec-ah
add action=mark-packet chain=forward comment=\
"RDP - Set for p3 with NO PASSTHROUGH" new-packet-mark=p3 passthrough=no \
port=3389 protocol=tcp
add action=mark-connection chain=forward comment="Mark HTTP/S connections" \
new-connection-mark=HTTP/S port=80,443,8080,1935 protocol=tcp
add action=jump chain=forward comment="Mark HTTP/S connections" \
connection-mark=HTTP/S jump-target=HTTP/S
add action=mark-packet chain=HTTP/S comment=\
"bytes 0-500000 will be treated as p4" connection-bytes=0-500000 \
new-packet-mark=p4 passthrough=no protocol=tcp
add action=mark-packet chain=HTTP/S comment=\
"bytes 500001-1000000 will be treated as p5" connection-bytes=\
500001-1000000 new-packet-mark=p5 passthrough=no protocol=tcp
add action=mark-packet chain=HTTP/S comment=\
"bytes 1,000,001-5,000,000 will be treated as p6" connection-bytes=\
5000001-10000000 new-packet-mark=p6 passthrough=no protocol=tcp
add action=mark-packet chain=HTTP/S comment=\
"Remaining bytes per flow are treated as p6" new-packet-mark=p7 \
passthrough=no
add action=return chain=HTTP/S comment=Return
add action=mark-packet chain=forward comment="Everything else TCP p5" \
new-packet-mark=p5 passthrough=no protocol=tcp
add action=mark-packet chain=forward comment=\
"Set remaining UDP small packets to p7" new-packet-mark=p7 packet-size=\
0-800 passthrough=no protocol=udp
add action=mark-packet chain=forward comment="Set remaining UDP packets to p8" \
new-packet-mark=p8 passthrough=no protocol=udp
add action=mark-packet chain=forward comment="Everything else p8" \
new-packet-mark=p8 passthrough=no
# Source NAT: masquerade everything leaving through ether1-gateway. The rule has no
# src-address match, so it already covers any guest subnet routed out of that port.
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
# Neighbor discovery is switched off on the WAN port and on both wireless interfaces.
/ip neighbor discovery
set ether1-gateway disabled=yes
set wlan1 disabled=yes
set wlan2 disabled=yes
# Single default route via the upstream gateway.
/ip route
add distance=1 gateway=10.58.61.241
/system leds
set 0 interface=wlan1
# MAC Telnet server: enabled on the LAN ports, wlan1 and the bridge. wlan2 is not in
# the list. NOTE(review): MAC-layer management works below IP, so the /ip firewall
# filter rules presumably do not restrict it - keep guest interfaces out of this list.
/tool mac-server
add disabled=no interface=ether2-master-local
add disabled=no interface=ether3-slave-local
add disabled=no interface=ether4-slave-local
add disabled=no interface=ether5-slave-local
add disabled=no interface=wlan1
add disabled=no interface=bridge-local
# MAC WinBox: the default entry is disabled and the same LAN-side interfaces are
# listed explicitly; wlan2 is again absent.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
[admin@MikroTik] >
 
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: VirtualAP on different lan segment?

Tue Apr 01, 2014 10:09 pm

I'm here on the forum, wait.
I'm writing the script.
 
takoateli
Member Candidate
Member Candidate
Topic Author
Posts: 104
Joined: Sat Oct 24, 2009 9:10 pm

Re: VirtualAP on different lan segment?

Tue Apr 01, 2014 10:19 pm

Thanks so much! I really appreciate it!

Greg
 
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: VirtualAP on different lan segment?

Tue Apr 01, 2014 10:35 pm

Paste this into the terminal and you are done:
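# Guest Virtual AP (wlan2-vap, SSID HUESPED) on its own routed segment,
# 192.168.120.0/24, with its own DHCP server.
/interface wireless security-profiles
# [ find ] with no filter matches every security profile on the router, not
# only the guest one.
set [ find ] management-protection=disabled supplicant-identity=MikroTik
/ip address
# Remove any address bound to the old wlan2 while that interface still exists.
# Once wlan2 is removed below, a lookup by interface=wlan2 is not expected to
# match anything, so a "set ... [find where interface=wlan2]" issued afterwards
# would leave the new VAP without an address.
remove [find where interface=wlan2]
/interface wireless
set wlan1 wireless-protocol=802.11
remove [find where name=wlan2]
# NOTE(review): assumes a security profile named "guest" already exists and
# carries its own WPA2 key - confirm before pasting.
add disabled=no mac-address=D6:CA:6D:BB:89:D2 master-interface=wlan1 security-profile=guest name=wlan2-vap ssid=HUESPED
/ip address
# The DHCP server below needs an address on the interface it serves.
add address=192.168.120.1/24 interface=wlan2-vap comment="wlan2-vap Guest"
/ip pool
remove [find where name=guestpool]
remove [find where name=dhcp_pool1]
add name=pool-guest ranges=192.168.120.101-192.168.120.199
/ip firewall nat
# The exported config already masquerades everything leaving ether1-gateway;
# this rule only makes the guest NAT explicit.
add action=masquerade chain=srcnat comment="wlan2-vap Guest NAT" out-interface=ether1-gateway src-address=192.168.120.0/24
/ip dhcp-server
remove [find where name=dhcp1]
add address-pool=pool-guest disabled=no interface=wlan2-vap lease-time=1w name=guest-dhcp
/ip dhcp-server network
# NOTE(review): presumably 192.168.1.1 is the gateway of the old guest network;
# verify it is not the main LAN's DHCP network before removing it.
remove [find where gateway=192.168.1.1]
add address=192.168.120.0/24 dns-server=8.8.8.8 gateway=192.168.120.1 netmask=24
/ip firewall filter
# A separate subnet alone does not isolate the guests: the router still routes
# between its own segments. Let guest traffic leave only through the WAN port.
# "add" appends to the end of the chain; if an earlier forward rule already
# accepts this traffic, move these rules above it (or use place-before).
add action=drop chain=forward comment="wlan2-vap Guest: WAN only, no LAN access" in-interface=wlan2-vap out-interface=!ether1-gateway
# Guests resolve names via 8.8.8.8, so the only thing they need from the router
# itself is DHCP. Block new connections to its management services.
add action=accept chain=input comment="wlan2-vap Guest: DHCP to the router" dst-port=67 in-interface=wlan2-vap protocol=udp
add action=drop chain=input comment="wlan2-vap Guest: no other new connections to the router" connection-state=new in-interface=wlan2-vap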

If I helped you, please add Karma, thanks.
 
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: VirtualAP on different lan segment?

Tue Apr 01, 2014 11:11 pm

any news?
 
takoateli
Member Candidate
Member Candidate
Topic Author
Posts: 104
Joined: Sat Oct 24, 2009 9:10 pm

Re: VirtualAP on different lan segment?

Wed Apr 02, 2014 1:59 am

Thanks but that didn't work. The DHCP server for the VirtualAP is disabled because of an error.
 
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: VirtualAP on different lan segment?

Wed Apr 02, 2014 2:03 am

Thanks but that didn't work. The DHCP server for the VirtualAP is disabled because of an error.
It appears red, as if disabled, because there are no devices attached to the wlan2-vap access point...

You must connect some devices for the interface to go up!!!!

I hope you did not revert anything; you had finished....
 
pcunite
Forum Guru
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: VirtualAP on different lan segment?

Wed Apr 02, 2014 2:38 am

Here is how I do it:

ros code

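###############################################################################
#
# Guest Virtual AP on its own routed segment (192.168.5.0/24).
#
# Edit before pasting:
#   wlan2-guest / goguest  - interface name and SSID, as desired
#   thisisapassword        - placeholder only; set your own long WPA2 passphrase
#   ether-WAN              - the name of your WAN interface
#   192.168.0.0/24         - your LAN subnet
#
###############################################################################

# Add Virtual AP
/interface wireless security-profiles
add authentication-types=wpa2-psk mode=dynamic-keys name=WIFI_GUEST wpa2-pre-shared-key=thisisapassword
/interface wireless
add master-interface=wlan1 name=wlan2-guest ssid=goguest security-profile=WIFI_GUEST disabled=no

# Give it an IP Address
/ip address
add address=192.168.5.1/24 interface=wlan2-guest comment="WIFI_GUEST"

# Setup DHCP server for the wifi interface
/ip pool
add name=dhcp_wifi_pool ranges=192.168.5.2-192.168.5.254
/ip dhcp-server
add name=dhcp_wifi address-pool=dhcp_wifi_pool interface=wlan2-guest disabled=no
/ip dhcp-server network
# Guests are pointed at the router for DNS, so the router's DNS service must be
# answering remote requests (allow-remote-requests=yes under /ip dns).
add address=192.168.5.0/24 dns-server=192.168.5.1 gateway=192.168.5.1 domain=local.wifi

# masquerade
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether-WAN src-address=192.168.5.0/24 comment="WIFI_GUEST"

# Keep guest wifi from accessing LAN and vice versa.
# Filter rules are evaluated top to bottom and "add" appends to the end of the
# list, so these drops are added BEFORE the forward accept below. With the
# accept first, the opening packet of every guest-to-LAN connection would match
# connection-state=new and be let through before the drop was ever reached.
# If earlier rules in your chain already accept this traffic, move these above
# them (or add them with place-before).
/ip firewall filter
add chain=forward action=drop src-address=192.168.5.0/24 dst-address=192.168.0.0/24 comment="Keep WIFI_GUEST and LAN from accessing each other"
add chain=forward action=drop src-address=192.168.0.0/24 dst-address=192.168.5.0/24 comment="Keep WIFI_GUEST and LAN from accessing each other"

# Allow guest wifi to open new connections through the router (forward chain).
add chain=forward action=accept connection-state=new in-interface=wlan2-guest comment="Allow WIFI_GUEST to move through the router"

# The input chain is traffic addressed to the router itself, not through it.
# Accepting every new connection there would expose the router's management
# services to guests, so allow only what the guest network needs (DNS and DHCP)
# and drop other new connections from the guest interface.
add chain=input action=accept protocol=udp dst-port=53,67 in-interface=wlan2-guest comment="WIFI_GUEST: DNS and DHCP to the router"
add chain=input action=accept protocol=tcp dst-port=53 in-interface=wlan2-guest comment="WIFI_GUEST: DNS over TCP to the router"
add chain=input action=drop connection-state=new in-interface=wlan2-guest comment="WIFI_GUEST: no other new connections to the router"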
 
takoateli
Member Candidate
Member Candidate
Topic Author
Posts: 104
Joined: Sat Oct 24, 2009 9:10 pm

Re: VirtualAP on different lan segment?

Wed Apr 02, 2014 2:44 am

rextended - I did try connecting and it didn't work. I'll try it some more. Thanks!

pcunite - Thanks! I'll try that too.

Greg
